RE: mpls fragmentation [7:74577]
At 08:42 AM 9/2/2003 +1200, Thomas Salmen wrote:

hmm, cheers any idea if there is any documentation regarding this? seems to me that with all these sites these days mucking around with df bits and filtering icmp that it's a wonder that any link with an odd pmtu works at all. not to mention qos getting all upset with fragmented packets.

I don't believe there is any documentation per se. Essentially, if you operate a network and impose encap overhead to frames, you need to compensate for this overhead by increasing your supported mtu sizes.

thomas

At 10:37 PM 8/31/2003 +, Thomas Salmen wrote:

does anyone know if using frame-mode mpls affects the mtu on an interface? i can't help thinking that sticking in an extra 32-bit header would mean reducing the amount of user data that could be carried by 32 bits - causing fragmentation if the data field is already at its max for a given interface...

MPLS headers, 802.1q tags and all similar encap overhead certainly add size to frames and are certainly things one needs to be mindful of from an mtu perspective.

apologies if the question is an inane one, but i'm just starting to get into this ls thang

thomas

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74625t=74577
--
**Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Re: mpls fragmentation [7:74577]
At 10:37 PM 8/31/2003 +, Thomas Salmen wrote:

does anyone know if using frame-mode mpls affects the mtu on an interface? i can't help thinking that sticking in an extra 32-bit header would mean reducing the amount of user data that could be carried by 32 bits - causing fragmentation if the data field is already at its max for a given interface...

MPLS headers, 802.1q tags and all similar encap overhead certainly add size to frames and are certainly things one needs to be mindful of from an mtu perspective.

apologies if the question is an inane one, but i'm just starting to get into this ls thang

thomas

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=74607t=74577
Re: RFC 2547 vs. RFC 2764 VPNs [7:73048]
I'm curious if anyone has talked to their SP and has thought about leveraging MPLS carrier's carrier approach? Not sure how many SPs, if any, support this currently, but seems to have the right scaling properties if you're an ISP. And with the ability for eBGP to carry labels for BGP routes (see neighbor send-label), the CE-PE protocol remains vanilla eBGP, meaning there's no need for MP-BGP or LDP. Of course, now you may need to do iBGP or confed eBGP over the MPLS cloud, but that could be interpreted as a benefit.

L2VPN using Kompella or a bunch of PW's makes a very nice carrier of carriers approach without all the hokey L3 peering requirements.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=73076t=73048
--
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: OT: Anyone using Qwest PRN ? [7:72704]
At 04:31 PM 7/21/2003 +, John Neiberger wrote:

Are any of you using Qwest PRN? If so, I have a few questions for you:

1. How do you like it so far?
2. Did you migrate from something else? If so, how did the migration go?
3. Any 'gotchas' that you learned later that you wish you'd learned sooner?
4. How does the service compare to what you were using before?
5. How many sites do you have? Is this solution scaling well for you?

Hey John, What is PRN? Private routed network? Can't seem to find much about it in my brief googling.

Of course, it's not necessary to answer every question. I'm just doing some research on their solution and thought I'd check around here for references.

Thanks, John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72708t=72704
Re: OT: Anyone using Qwest PRN ? [7:72704]
At 07:58 PM 7/21/2003 +, John Neiberger wrote:

I think this actually is an MPLS VPN, of sorts. It's been fairly hard for me to get the nitty gritty details. As I see it, it's a layer 3 MPLS vpn with OSPF as our 'interface' to their network but I may be wrong about that.

This sounds exactly like a 2547bis based IP VPN.

As someone else just mentioned, this service is expensive compared to frame relay. In fact, at the moment it's about twice the monthly cost, but we're quickly growing to a point where the frame network is not going to support our goals. This solution looks pretty slick, I must admit.

Keep in mind that this solution involves the provider managing aspects of your WAN routing which involves a different level of attention from them than you would see with a traditional layer two network. Usually, this type of service commands a premium, but the market tends to dictate pricing in many areas (depending upon where you are located).

Pete

John

Chuck Whose Road is Ever Shorter 7/21/03 1:50:51 PM

so, John, whatever happened to the MPLS network they were trying to sell you a while back? what advantage does PRN have vis a vis MPLS such that Quest is no longer trying to convince you to buy it? inquiring minds need to know :-

John Neiberger wrote in message news:[EMAIL PROTECTED]

Peter van Oene wrote:

At 04:31 PM 7/21/2003 +, John Neiberger wrote:

Are any of you using Qwest PRN? If so, I have a few questions for you:

1. How do you like it so far?
2. Did you migrate from something else? If so, how did the migration go?
3. Any 'gotchas' that you learned later that you wish you'd learned sooner?
4. How does the service compare to what you were using before?
5. How many sites do you have? Is this solution scaling well for you?

Hey John, What is PRN? Private routed network? Can't seem to find much about it in my brief googling.

Oops. Accidentally hit post before adding any content. ;-) Yes, it stands for Private Routed Network. It's a very interesting solution.
Our hub sites would participate in OSPF with their network, while our spoke sites would use static routing. The PRN would have static routes pointing to our spoke sites and those statics would be redistributed into OSPF. The biggest downside to this is that we'd have to contact Qwest each time we added a new subnet at a branch, but I suppose that just means we'd need to plan ahead better.

This solution buys us a few things over our current frame relay network. Each site has a full pipe into the PRN instead of multiple PVCs sharing a single link, and we don't have to deal with CIR. From the perspective of our routers each site is one hop away from any other site. The combination of these features will allow us to proceed with VoIP throughout our network, which is not feasible with the current frame relay network.

John

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72726t=72704
Re: an ISIS question.... [7:72081]
At 12:29 AM 7/11/2003 +, wj chou wrote:

In this case, your L1 areas will not usually be the same and the L1 adjacency between the two core routers will not form. If the area is the same, the L2 adjacency is superfluous. Many large networks are single area, or single level (ie L1 everyone in one area, or L2 everywhere where area isn't very relevant.)

Can you explain a bit more about this? your L1 areas will not usually be the same and the L1 adjacency between the two core routers will not form? I am new to ISIS...

In the picture, you drew a network like the following:

L1-L1L2---L1L2-L1

This looks very much like a network where two areas are interconnected via a backbone. The backbone in this case is the set of L1L2 routers. In this network, it would be logical to assign different area id's to each L1 process such that they operate as distinct areas. Since ISIS routers exist fully in a single area, this will leave the two L1L2 routers in different areas. Those routers will form an L2 adjacency because the L2 process doesn't look for matching area IDs, but the L1 adjacency process will fail between them as L1 adjacencies require matching area IDs (at least one).

Does this help?

Pete

Thanks! Ellie

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72153t=72081
Re: an ISIS question.... [7:72081]
At 03:40 AM 7/10/2003 +, wj chou wrote:

Hi.. a basic ISIS question... I know that by default, an IS is L1-L2, so it can form a L1L2 adjacency with its neighbors. But what's the benefit of it? and under what kind of situation in real world people want to configure it this way?

L1L2 routers are required to interconnect L1 areas via an L2 backbone. An L1L2 router acts much like an OSPF ABR.

thanks! Ellie

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72110t=72081
Re: an ISIS question.... [7:72081]
At 08:36 AM 7/10/2003 -0700, Zsombor Papp wrote:

Hi, the L1/L2 behavior can be configured on a per interface basis. The question why you would want an interface to be both L1 and L2, and especially why you would want a router to form both L1 and L2 adjacency with one of its neighbors, is a good one. In general, I don't think you would want this.

I can attest to having never intentionally designed a network of that nature. Unless you wish to connect L1 domains to a backbone, or are in the process of a migration from one topology to another, minimizing adjacency state and its related overhead is a good thing.

One (exotic) example would be if an L1L2 router has L1, L2, and L1L2 neighbors as well on the same interface, like this:

    |--L2
    |
    |--L1L2
    |
    |--L1L2
    |
    |--L1

In this case the L1L2 routers' interface must be configured for both L1 and L2 if we want the L1 router to be able to get out. Consequently, the two L1L2 routers will form both L1 and L2 adjacency with each other, but this is more a coincidence than a requirement, IMHO.

I would agree. There is no benefit to this as I see it.

A more realistic scenario would be like this:

    L1--|
        |--L1L2(A)--L2
        |
        |--L1L2(B)--L2
    L1--|

In this case, your L1 areas will not usually be the same and the L1 adjacency between the two core routers will not form. If the area is the same, the L2 adjacency is superfluous. Many large networks are single area, or single level (ie L1 everyone in one area, or L2 everywhere where area isn't very relevant.)

Pete

I am not sure however if there is any advantage of having A and B form both L1 and L2 adjacencies with each other. It appears to me that L1 would be just fine. I, too, would be happy to hear some comments on this.

Thanks, Zsombor

At 02:40 PM 7/10/2003 +, Peter van Oene wrote:

At 03:40 AM 7/10/2003 +, wj chou wrote:

Hi.. a basic ISIS question... I know that by default, an IS is L1-L2, so it can form a L1L2 adjacency with its neighbors. But what's the benefit of it?
and under what kind of situation in real world people want to configure it this way?

L1L2 routers are required to interconnect L1 areas via an L2 backbone. An L1L2 router acts much like an OSPF ABR.

thanks! Ellie

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=72118t=72081
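The adjacency rule from the IS-IS thread above (L1 needs at least one shared area ID, L2 ignores area IDs) and the "can the L1 router get out" question, as an added example that is not part of any of the posts. Router names and area IDs are constructed, and levels are modelled per router rather than per interface as a simplification.

```python
from collections import deque
from dataclasses import dataclass

L1, L2 = "L1", "L2"


@dataclass(frozen=True)
class Router:
    name: str
    levels: frozenset   # {"L1"}, {"L2"}, or both for an L1L2 router
    areas: frozenset    # configured area IDs (constructed sample values)


def make(name, levels, *areas):
    """Convenience constructor for the sample topology below."""
    return Router(name, frozenset(levels), frozenset(areas))


def adjacencies(a, b):
    """Return the set of levels at which two directly connected routers pair up."""
    formed = set()
    # L1: both sides run L1 AND share at least one area ID.
    if L1 in a.levels and L1 in b.levels and a.areas & b.areas:
        formed.add(L1)
    # L2: both sides run L2; area IDs are not compared.
    if L2 in a.levels and L2 in b.levels:
        formed.add(L2)
    return formed


def l1_exit(routers, links, start):
    """Walk L1 adjacencies only, starting at `start`.

    Returns the name of the first router found that also runs L2 (the way
    out of the area), or None if the L1 router is stranded.
    """
    by_name = {r.name: r for r in routers}
    graph = {r.name: set() for r in routers}
    for x, y in links:
        if L1 in adjacencies(by_name[x], by_name[y]):
            graph[x].add(y)
            graph[y].add(x)
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        if L2 in by_name[node].levels:
            return node
        for nxt in sorted(graph[node] - seen):
            seen.add(nxt)
            queue.append(nxt)
    return None


# Constructed topology: L1 - L1L2 --- L1L2 - L1, one area per side,
# plus R3, an L1 router whose area ID matches nobody on its link.
ROUTERS = [
    make("R1", [L1], "49.0001"),
    make("A", [L1, L2], "49.0001"),
    make("B", [L1, L2], "49.0002"),
    make("R2", [L1], "49.0002"),
    make("R3", [L1], "49.0003"),
]
LINKS = [("R1", "A"), ("A", "B"), ("B", "R2"), ("R3", "A")]
BY_NAME = {r.name: r for r in ROUTERS}

if __name__ == "__main__":
    for x, y in LINKS:
        formed = sorted(adjacencies(BY_NAME[x], BY_NAME[y])) or ["none"]
        print(f"{x:>2} <-> {y:<2} : {'+'.join(formed)}")
    for name in ("R1", "R2", "R3"):
        print(f"{name} exits the area via: {l1_exit(ROUTERS, LINKS, name)}")
```
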
Re: CCIE Lab !!! [7:71919]
At 08:51 AM 7/5/2003 +, H T wrote:

Hi, Actually Cisco just says the following topics are removed, but there is not details http://www.cisco.com/warp/public/625/ccie/certifications/routing.html

ISO CLNS... does it include ISIS ???

ISIS routing IP is still a valid topic.

Token Ring and Token Ring Switching... does it includes all IBM networking???

no clue here and haven't looked into this in years. much like yourself it seems :)

1. SRB
2. SR/TLB
3. RSRB
4. DLSw and DLSw+
5. Encapsulation bridging
6. CRB
7. IRB

How about ATM, what will be included? Can any one find out

Cheers, Heiman.

Hemingway wrote in message news:[EMAIL PROTECTED]

anyone who is serious about CCIE lab prep should become familiar with this site: http://www.cisco.com/warp/public/625/ccie/ start your reading here. everything you need to know can be found somewhere within the links provided.

H T wrote in message news:[EMAIL PROTECTED]

Hi all, Can any one help us about the lab topics?

Cheers, Heiman.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71941t=71919
Re: Your advise pls! [7:60327]
At 03:15 AM 1/5/2003 +, RamG wrote:

Hello Group, I finished NP/DA in Oct 2000. Since then, I have been looking for job in networking. I know my drawback for being unsuccessful. It is my past experience {as Accountant} and real world experience with Cisco routers. In order to get some experience, I had setup 5 router home lab and gained little experience by practicing / solving lab exercise from Satterlee book. Even that did not help me to get entry level positions. The job market in Toronto is so bad that, I am unable to find Tech support job too.

Have you tried the VAR market for a presales tech position? Most VARs are usually interested in technical folks who understand how to present technology from a business/financial standpoint where I would expect you'd be rather proficient based upon your background. Further, for those VARs that wish to also pursue Silver/Gold status with Cisco, your being in a position to take a shot at the CCIE would be of great benefit. Doesn't the CCIE qualification exam renew at least the NP of your Certs? The DA is about useless from my perspective unless you get some free stuff for it :-). If so, I'd take the qualification exam and attack the VAR market as a pre CCIE with good business sense.

Pete

Now it is time for me to recertify {Oct}. What should, I do? I have already spent a lot of money on books/routers. I cannot spend any more on books/routers. Any advice appreciated.

/ RamG

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=71677t=60327
RE: number of CCIE [7:70151]
[JN] Yeah, but does the college happy HR dude (your idol) who says bachelors required on dinky IT jobs (e.g. desktop support tech) pay attention to that? As far as he's concerned all BSs are BSs, and they are all superior to non-graduates. Remember that we are talking about IT jobs, not top management or top financial analyst positions.

First of all, let me clear up that HR is not my idol. I too do not like many of the things that HR does. The difference is that I accept that HR has hiring power and I see little point in raging against the machine on this point. Why? What's the point? You can whine all you want and they're still going to have hiring power. It's far more efficient to simply accept that HR has hiring power and learn to follow their rules.

I don't mean to get into the battle of which CCIE number is better than which as I don't really have an opinion. However, one thing I do pick up on is the reliance here upon getting through HR screens. I don't recall ever getting a job through conventional means myself and I don't imagine that many somewhat established folks who do better than average work do either. Most of the hiring I've ever participated in was referral based as well. To me, this debate really only applies to those folks who do not have contacts in a given area and who are not prone to more aggressive employment acquisition strategies. This bunch of folks tends to flood resumes out to Monster and hope they get a call. However, I would see this category of folks as pretty junior, in which case I wouldn't expect to see them applying for the top tier jobs in the industry. These folks need to get a job, get established, and then leverage their contact base to move on to bigger and better things, or leverage their track record to move up internally.
So, the way I see it, either you are pretty new to the industry and need some help getting through screener bots, or you are not and should find far better mileage leveraging your contact base in the industry. If you are good at what you do, likely the folks you worked with noticed this as did the vendors who worked with you as did your customers. Somewhere in that mix there has to be a hotter lead than www.findmeajobfor100k.com. If you are new, having a CCIE number of any type likely helps a bunch and I can't see anyone caring how high or low it is unless you are trying to get some uber job. If you are, you'll likely lose to someone else who came recommended and the how many guys passed the lab before you won't be of much significance. (did I just get into the debate I said I wanted to avoid? :)

Anyway, I guess I'm not sure who the group of people are who are highly talented, yet have no contacts in the industry but still expect to pull down top calibre jobs. I'm also not sure who the top calibre job employers are that would choose not to hire you based upon how high your CCIE number was vs how well you fit the job and interviewed, but I'm assuming this CCIE number value cut deals more with first cut resume screening.

Pete

Second of all, do you not think that if HR sees a degree from Harvard in a resume, he's going to give more weight to that resume than to a guy from Podunk Community College? Of course he would. Everybody would. Sure, he's not going to say that anybody who wants to get a job must have Crimson blood, but when it comes to making the first cut, you know what he's going to do.

[NRF] First of all, what admissions fiasco? Are you saying that because of the abundance of information that all of a sudden everybody's getting a perfect score on their SAT's? I don't see that happening. Do you? If so, please

[JN] The admissions process is a fiasco, but that is another issue.
Are you implying that all the certified people are getting perfect scores because of braindumps and bootcamps?

No I am not, but you do concede that those things make certs easier? And because of the fixed-score nature of certs, that there is no relative-scoring mechanism that can compensate for this. To wit - if everybody who applied to Harvard presents a 1600 SAT, that doesn't mean that everybody gets admitted - the admissions decision now moves to other criteria because at the end of the day there are more applicants to Harvard than there are slots. But if everybody who attempts the CCIE is properly bootcamp-ed, then everybody can, in theory, pass.

[NRF] that all of a sudden because of the abundance of information, everybody is now a star athlete or class president, or all those other factors that help

[JN] Ah, I see, we wish for a hierarchical classification of tech in the same manner a college partitions its student body: i.e. a class president or class athlete, as in star router dude test# 652-STAR, a position in cert society achieved by fulfilling a number of criteria. Perhaps one such criterion is popularity among
Re: RE: number of CCIE [7:70151]
At 09:34 PM 6/8/2003 +, garrett allen wrote:

the intent of this list is to discuss preparation cisco exams, not opportunities in the various job markets. if your comments don't relate to the study blueprint in some meaningful way, please keep them to yourself.

nice thread :-) for those whining about it, you can skip the messages you know. ccie is a good challenge. go after it if you want. maybe it will help you get a job, maybe it won't. jncie is pretty neat too :) my ie will expire in a couple months and I could really care less. but please, feel free to continue debate subjective topics as you see fit. for what its worth, in my opinion, nrf has well earned the right to debate whatever he wants on this list.

pete

thanks.

- Original Message -
From: n rf
Date: Sunday, June 8, 2003 4:14 pm
Subject: Re: RE: number of CCIE [7:70151]

garrett allen wrote: yawn.

Bored? I don't want to be overly confrontational, but if you really thought this thread was so boring that you're yawning, then why did you bother to make a rebuttal to me in the first place? The fact that you did obviously means that you don't think it's THAT boring.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70401t=70151
Re: Tag Switching Vs Multicast [7:69797]
At 05:24 PM 5/29/2003 +, Kazan, Naim wrote:

Howard, I would appreciate your view and the group on which one you guys would prefer, Tag switching or Multicasting. We having been running into problems with doing multiple windows XP imaging that can only handle up to 8 computers at a time. Multicast is enabled at the layer 2 3 but still can't run more than 8 multicast sessions using Norton tool to accept clients for multicast. Once it receives the MAC address of the computer we send a session out to image about 8 computers. The number of computer will fluctuate doing more than 8 and sometimes only capable of doing no more than 3. If we do more than that it freezes up at 25% completion rate of the image. We have over a thousand computers to upgrade to windows XP by mid to late June. Our network has 6500 series switches along with 7507 core routers. The 6500 handle both layer2/3 functions. Any help will go a long way. Thank you in advance for everyone's input in this matter.

Sounds to me like you need a better multi-cast source vs changes in your network. Where does tag switching fit into this?

-Original Message-
From: Howard C. Berkowitz
To: [EMAIL PROTECTED]
Sent: 5/28/03 3:50 PM
Subject: Re: Packet retransmit questiion [7:69715]

At 6:46 PM + 5/28/03, Robert Perez wrote:

Hi all, I have a question on the CCIE 350-001 test. I have heard differing opinions on this but when traffic crosses a WAN connection and there are problems who does the retransmit?? Host or RTR??

1.) In Frame relay there is a line hit or corrupt packet on the WAN, who retransmits, should be the source router correct?
2.) In a point to point circuit w/HDLC there is a line hit or corrupt packet who retransmits, should be the source router correct??
3.) In a bridged environment with a WAN a T-1 takes a line hit or corrupt packet who retransmits, should be the source host correct??

In all cases, the host, if you are running IP protocols that even specify retransmission. TCP does, but UDP does not.
RPC over UDP retransmits. The only exception where the router would retransmit would be if you are running X.25, LAP-B, SSCOP, or SDLC.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=69813t=69797
Re: Am I over my head guys? [7:69746]
At 07:52 AM 5/29/2003 +, B Rudy wrote:

Hey guys, I just got an offer to become a 2nd senior network engineer for this company in Orange Country. Great News i know!! Dilemma: I am a CCNP but have no local Area Network Experience. Going to be workin with Catalyst 6500 switches. Also i have about 2 yrs working with cisco equipment, however, dont feel i am ready for a senior title and duties. Also working with cisco routers. What do you guys think i should do?

1. Take the job and see how it works out? Maybe mess up their network and look real dumb and unknowledgeable on some troubleshooting. risked getting fired?
2. Let the job go, and watch a great opp float away?
3. Keep the existing job i have working with cisco equipment and technology?

I get through most days very much like a duck; calm in appearance, but scrambling like crazy underneath to keep things afloat. This is not a bad thing really, it just means that you may have to do a bit more research here and there. At the end of the day, so long as you don't misrepresent yourself, or answer questions when you aren't sure of the correct answer, you'll do fine. One of the best ways to advance and really push yourself is to drop in well over your head and see if you can't swim up :-) Drowning is a great motivator! You obviously care about getting it done right, and will likely put the time in to make up for any lack of experience you think you may have. You'll do fine I expect.

Pete

p.s. This job is a senior position, so meaning senior pay. very positive aspect, and a great company going places. over 4000 employees. Your output is greatly appreciated. Really need some advice. Thanx

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=69811t=69746
Re: Urgent Help Needed [7:69669]
At 12:02 PM 5/28/2003 +, Rohit Sundriyal wrote:

Hi All, I am facing very Strange Problem. My lan is behind Pix and for the last few weeks i am receiving some popup messages on my lan pc from internet even though i am not browsing any site. Can anybody tell how to block this kinda messages on pix ???

These are likely triggered by trojan apps on your pc. Try grabbing software that scans your PC for these types of tools. I use ad-aware myself if I recall correctly. Also, when a pop up appears, you can always drop to the shell (assuming winx) and use netstat to see what connections you have active to get an idea where the pop up was coming from.

Pete

For more information please visit http://www.4vsoft.com (Software that is used for sending this kinda messages.)

Thanks, Rohit

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=69680t=69669
Re: Layer 3 and 2 question. [7:69576]
At 03:05 PM 5/27/2003 +, Nuurul Basar wrote:

I am planning to configure both my core and distributions as L3 device, and let the access switch to distribution using L2. I was advised that by doing this on my network two identical ip address on same subnet/vlan but in a different access switch can exist. And a packet that is attend to a host in the different switch might end up in the else where. Is this real?

I'm not entirely sure what you are trying to accomplish here? Do you actually require multiple devices to share single IP addresses? I have only seen that used for things like DNS query handling (stateless udp). Haven't seen it used anywhere else.

Sorry, but I have never thought of this before.

Thanks
Nuurul Basar Mohd Baki
Network Engineer
DDSe

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=69602t=69576
Re: Layer 3 and 2 question. [7:69576]
At 08:19 AM 5/28/2003 +0800, Nuurul Basar wrote:

I was aiming to get both Core and dist running on L3, thus a thought off two network device having the same IP was no in. My design was rejected by the Project Mgr, due to this reason. Since my customer won't be running DHCP, so someone can use the IP in another switch. I have seen the L3 config done in another site with DHCP, and so far it works fine. I also have to disable STP and lets routing take over, using OSPF.

Ok. It sounds a bit like you might have an ISP network that connects to multiple different customers? I am trying, but failing to understand what it is you are trying to do :-)

Pete

- Original Message -
From: Peter van Oene
To:
Sent: Wednesday, May 28, 2003 2:51 AM
Subject: Re: Layer 3 and 2 question. [7:69576]

At 03:05 PM 5/27/2003 +, Nuurul Basar wrote:

I am planning to configure both my core and distributions as L3 device, and let the access switch to distribution using L2. I was advised that by doing this on my network two identical ip address on same subnet/vlan but in a different access switch can exist. And a packet that is attend to a host in the different switch might end up in the else where. Is this real?

I'm not entirely sure what you are trying to accomplish here? Do you actually require multiple devices to share single IP addresses? I have only seen that used for things like DNS query handling (stateless udp). Haven't seen it used anywhere else.

Sorry, but I have never thought of this before.

Thanks
Nuurul Basar Mohd Baki
Network Engineer
DDSe

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=69623t=69576
Re: BGP AS removal [7:66928]
At 01:53 AM 4/6/2003 +, Bullwinkle wrote:

In other words, for purposes of testing, there are ONLY two ways to remove things from the AS_PATH. 1) the technique you describe, which is to create

Both these techniques are invalid in my opinion. If you create a new route, you haven't changed the AS-PATH on another route at all. In these cases, you have two routes, not one modified one.

an aggregate and advertise that aggregate only ( although refresh my memory - an aggregate might still contain full AS_PATH information - don't have my book handy ) OR to create an appropriate route to null 0, then enter that route into the BGP process, while filtering those that contain the AS_PATH you want to remove.

AS1-AS2-AS3

192.168.x.x subnets --advertised into AS2

ip route 192.0.0.0 255.0.0.0 null 0

bgp process command: network 192.0.0.0 mask 255.0.0.0

filter the more specific BGP routes.

AS3 should see just the route to null 0, which does originate in AS2

do I have that right? Do you agree?

--
Bullwinkle: Hey, Rocky, watch me pull a CCIE out of my hat!
Rocky: Bullwinkle, that trick NEVER works
Bullwinkle: This time FOR SURE!!! ( pulls snarling Proctor out of hat ) No doubt about it. I gotta get me a new hat!

Salvatore De Luca wrote in message news:[EMAIL PROTECTED]

I hear ya.. that's why if this was a TEST situation, the statement: ip as-path access-list 1 permit _2_ ! _2_ _1$ would permit routes traversing AS2 but deny any routes traversed though AS2 Originating in AS1. In which case 150.50.200.0 aggregated element should be the nlri Fresh Route point for AS3's knowledge.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66965t=66928
Re: BGP AS removal [7:66928]
At 04:22 PM 4/2/2003 -0500, you wrote:

150.50.200.0(R1)(R2)--(R3).

R1 belongs to AS1
R2 belongs to AS2
R3 belongs to AS3

I inject 150.50.200.0 using the network command on R1 and see 150.50.200.0 in R3 with as_path of 2 1. The question is how can I remove the 1 from the As Path on R3.

You don't. Doing this would be silly and likely dangerous.

I have tried using the network command on R2 with no success. If I aggregate on R2 using 150.50.200.0 255.255.255.0 summary-only , I will still see 150.50.200.0 with as-path 2 1 ( no change). However, if I aggregate on R2 using 150.50.0.0 255.255.0.0 summary-only, then I will see 150.50.0.0 with as-path 2. The question was to get 150.50.200.0 and not 150.50.0.0. I can't get the 150.50.200.0 to work.

Thank you. RAM

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66928t=66928
Re: BGP AS removal [7:66928]
At 08:26 PM 4/5/2003 +, Salvatore De Luca wrote: I have to agree that it is a bit silly, dangerous, and should not be done on a production environment.. but so are a lot of scenarios on the CCIE Lab.. Just to add to the silliness: Because it is silly and dangerous, you also can't do it without creating an entirely fresh route with the same nlri and conditionally advertising it somehow. You simply are not supposed to muck with AS-PATH elements unless you are aggregating, in which case you follow the defined guidelines. Not sure how this would work, but you can try it.. have you tried as-path manipulation? From what I can see you want to remove as 1 from the path as R3 sees it. This config may work for what you are looking to do. You can try applying this to the config aggregating the 150.50.200.0 network. I think AS2 would have to originate the 150.50.200.0 net. router bgp 3 neighbor x.x.x.x route-map as-path in route-map as-path permit 10 match as-path 1 route-map as-path permit 20 match as-path 2 ip as-path access-list 1 permit _2_ ! _2_ _1$ ip as-path access-list 2 permit .* Sal Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66938t=66928
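An added example, not code from the thread: how Cisco-style AS-path regular expressions such as `_2_` and `_1$` evaluate, and why an inbound filter on R3 can only accept or drop a route, never shorten its AS_PATH. The ordered deny/permit list is an assumed reading of the access-list described above, and the two routes are the ones RAM reports seeing on R3.

```python
import re

# In Cisco regexes "_" matches a delimiter: start of string, end of string,
# space, comma, braces or parentheses. Python has no such token, so expand it.
CISCO_UNDERSCORE = r"(?:^|$|[ ,{}()])"


def compile_as_path_regex(cisco_regex):
    """Translate a Cisco AS-path regex into a compiled Python pattern."""
    return re.compile(cisco_regex.replace("_", CISCO_UNDERSCORE))


def as_path_acl(entries):
    """Build an evaluator for an ordered list of (action, cisco_regex) entries.

    First match wins; a path that matches no entry hits the implicit deny.
    """
    compiled = [(action, compile_as_path_regex(rx)) for action, rx in entries]

    def evaluate(as_path):
        text = " ".join(str(asn) for asn in as_path)
        for action, pattern in compiled:
            if pattern.search(text):
                return action == "permit"
        return False  # implicit deny at the end of every list

    return evaluate


def inbound_filter(routes, acl):
    """Apply the ACL to received routes; survivors keep their AS_PATH untouched."""
    return {prefix: path for prefix, path in routes.items() if acl(path)}


# Routes as R3 (AS3) receives them from R2 (AS2), per the thread.
RECEIVED_ON_R3 = {
    "150.50.200.0/24": (2, 1),  # originated in AS1, transits AS2
    "150.50.0.0/16": (2,),      # summary-only aggregate originated in AS2
}

# Assumed reading of the filter: drop anything originated by AS1,
# then accept anything that traverses AS2.
ASSUMED_ACL = as_path_acl([("deny", "_1$"), ("permit", "_2_")])

if __name__ == "__main__":
    for prefix, path in inbound_filter(RECEIVED_ON_R3, ASSUMED_ACL).items():
        print(prefix, path)
```

The /24 is dropped and only the aggregate survives, which is the outcome RAM already had: the filter never produces 150.50.200.0 with a path of just 2.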
Re: BGP Question...?? [7:66919]
At 03:46 PM 4/5/2003 +, Salvatore De Luca wrote: Hi All, I am trying to better understand a particular BGP scenario, thought someone might shed some light. This is probably very simple, i am just missing the punchline. If you have 2 routers, one let's say running in AS100 the other running in AS200, and you had to EBGP peer with 128.1.1.254 from AS100 router. You were required to use the Ethernet0/0 ip on AS100 router for peering 128.1.2.3, would you configure your neighbor statement pointing to 128.1.1.254 and update the source to Ethernet 0/0?,(I tried this and was no good) even after a debug ip bgp. I think maybe a secondary address 128.1.1.253 on the ethernet might be a way to go. Basically, 128.1.1.254 is a route generator that I would need to peer with in order to receive several external routes. I don't have any configs to post at the moment, but just trying to get an outside opinion. There isn't enough info here to answer this. Is 128.1.1.254 on the other side of the Ethernet? (ie the next is 128.1.0.0/22)? Likely not I expect. If not, you need to use EBGP multihop which will allow the EBGP packets to move out farther than 1 link (changes the TTL in the packet from 1 to whatever you set it to) Furthermore, is the 128.1.1.254 configured to peer with 128.1.2.3? If not, you'll need to use update source to set your side of the connection to the appropriate address. If 128.1.2.3 is a secondary, then this would likely need to be used as well. However, if 128.1.2.3 is the primary address on the eth0 and the eth0 is the closest link on your router toward 128.1.1.254 and 128.1.1.254 is set to peer with 128.1.2.3, then you should just be able to set multi-hop with an appropriate TTL and be on your way. Also watch for BGP authentication in case it is required. Pete Thanks, Static0101 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66937t=66919
Re: Books for Introduction to networking [7:66849]
This has always been one of my favorites. http://www.amazon.com/exec/obidos/ASIN/0130661023/qid=1049475026/sr=2-2/ref=sr_2_2/002-6465627-7277631 (Computer Networks by Andrew Tanenbaum) Pete At 03:20 PM 4/4/2003 +, Hubert Pun wrote: Hi, Is there any good book for non-technical manager about intro to networking (or network 101)? I have tried to search around and come across two books. Cisco Networking Academy Program IT Essentials II: Network Operating Systems Companion Guide http://www.ciscopress.com/isapi/st~{83B5FF0E-06C7-4A59-B7F4-61B7A6B1566C}/session_id~{8F92035A-5279-4756-AE28-2676C8AB5BF8}/product_id~{66B1B7AF-7587-4FD1-8D82-FDB7976BD71F}/catalog/product.asp Internet Architecture: An Introduction to IP Protocols http://www.amazon.com/exec/obidos/tg/detail/-/0130199060/qid=1049468836/sr=1-9/ref=sr_1_9/002-1652755-1832040?v=glances=books The Internetwork Technology Handbook that is too cisco oriented and also one step too far. What I am looking for is some books that talk about OSI 7 layers, what router is for, what switches are for and so on Thanks in advance for any suggestion. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66856t=66849
Re: A career in MPLS..... [7:66609]
At 03:27 AM 4/2/2003 +, Priscilla Oppenheimer wrote: I wonder if Cisco's MPLS class is just dated. It takes a long time to develop and roll out a new class, especially if there's also a Cisco Press book, exam, instructor materials, course binder, instructor training, beta testing, etc. More than likely, Cisco chose to teach what a broad range of their gear could do. L2vpn doesn't fit this category, though I would expect that they have better luck with RSVP. In the early days of MPLS, was there more emphasis on LDP than on RSVP-TE? I find the two technologies not competitive actually. I am just now building a network that runs LDP on a large number of devices for ease of provisioning, yet rides a TE core that is signalled by RSVP-TE. To me, these are two tools. However, I agree with nrf that glossing over RSVP will leave a bit of a hole in one's knowledge. I again expect that Cisco may have had wider platform support for LDP than they did for RSVP, but I'd have to check that out as I know they were an early supporter of RSVP, but may not have offered it beyond their 7500/12000 product lines. Were MPLS L3 VPNs around before L2 VPNs? RFC2547bis, or BGP/MPLS VPNs, was the first widely interoperable vpn technology that used MPLS in the forwarding plane. It is thus also the most mature of the many variants and again more widely supported across the product line. L2vpn (ptp) is still pretty fresh, particularly in the Cisco camp. Very few platforms have a wide range of support for the many encapsulations defined by the various martini specs. (Luca Martini from L3 has taken the lead on the many L2 over MPLS encap standards as well as defined a signalling mechanism via LDP) I expect the standard course gear doesn't have enough support for these technologies to make labs feasible. I should note that the L2vpn (if you want to call it that and most marketing types do) I've been discussing (though briefly) are the point to point type (Virtual Private Wire Services -VPWS).
Think frame relay with ethernet in the last mile and 802.1q tags for DLCIs. There are also a set of standards dealing with point to multipoint delivery, usually known as Virtual Private Lan Services that are attracting a bunch of attention. These specs made the provider network look like a single broadcast domain. I'm not convinced that is a good thing (don't know many providers using LANE for what it's worth), but it certainly seems exciting to marketing and IETF types. Anyway, I suppose my overall point is that I fully agree with nrf, that the curricula is not entirely representative of the more interesting bits of MPLS, however I expect the underlying reason is lack of platform/sw support to enable effective classroom lecture on the subjects. Pete Maybe it's just a matter of course development latency. Thanks for your insights. Priscilla nrf wrote: Henry D. wrote in message news:[EMAIL PROTECTED] I don't mean to start any type of argument here, especially with someone who obviously has more experience than I do. Yes, you've been contributing to this study group many times. But also many times your contributions are rather rhetorical than practical and at the same time you seem to draw attention to what your opinion is rather than to give an educated and objective view backed by any type of real life examples. First of all, given the subject matter (MPLS), it is most difficult to be giving out real-life examples. The fact is, MPLS is at this time not widely implemented, so therefore few examples abound. Second of all, it is essentially impossible for anybody to make a posting that is not necessarily colored with an opinion, particularly when they are discussing a subjective question. Questions like whether they should study MPLS or what they should do with their future are necessarily going to draw a wide range of opinions. If everybody is supposed to dogmatically answer 'yes' or 'no', then what's the point of even asking the question in the first place?
The point is that subjective questions must necessarily elicit subjective answers. People are not robots. Everybody has to call it like they see it. You ask a subjective question, and people should be able to chime in with whatever they think. It's all about freedom of speech. Third of all, Cisconuts and I have taken the discussion offline, and while I don't want to speak for him, I would venture to say that he is quite happy with my responses. So if he's cool, then what exactly is your beef? Fourth of all, I resent the implication that my views are not educated. Be careful when you go around saying stuff like that. I seem to recall a story a few years ago how one particular guy harangued another guy about BGP, essentially saying that he knew nothing about how BGP really worked - only to find out
Re: CCIE Vs. Linux engineer (not Ph.d) [7:66669]
Just study both and go easy on the incitement of textual riots. At 10:15 AM 4/2/2003 +, you wrote: Hopefully I'm not going to stir another whirlpool here. Today I was surfing job sites and found out that where there are less than dozen jobs available for CCIE in Silicon valley, there are more than 80 jobs available for Linux engineers. Their initial salaries seem to be better than CCIE nowadays. We all understand that we take great pride in achieving CCIE. It is not only the hardest network certifications to get, but also financial rewards used to be excellent, too. No matter how much efforts we put in these CCIE certifications, our fates are still being subject to the cruel law of supply and demand especially in this time of war. Linux is not easy. There are many commands to remember. But it doesn't require to invest thousands of dollars in routers and switches for training. However their demands are higher than ever. On the other hand, the supply for the CCIEs seems to surpass today's demand and for some serious time to come. Some might say, you study CCIE because you love the networking. Alright, but if the future salaries for CCIEs are going to be somewhere near MCSE level, would you put such an effort to get CCIE certs and still pursuing the career of Cisco? Where are we heading? Someone please enlighten us. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66688t=9
Re: What tools can tell u r using lease line or ISDN? [7:66561]
At 05:27 PM 3/31/2003 +, Link Teo wrote: I am using leased line to connect my remote offices to HQ. All the leased line are backup by ISDN. Is there any tools which can inform me via email or other means about whether I am using leased line now or ISDN backup? In other words, any tools which can inform me when the primary line is down and the ISDN kick in? Any SNMP manager should be able to tell you when the primary link dies. Thanks a lot. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66574t=66561
Re: BGP Route Reflectors [7:66488]
At 04:52 PM 3/31/2003 +, \\[EMAIL PROTECTED]\ wrote: All, Please can someone clear this up for me, if you have the time. IBGP peers do not have to be physically connected to one another, as long as an IGP (most preferably) is running between them. In most cases the routers are not adjacent and certainly do not need to be. Half the reason one runs an IGP in an ISP is for loopback reachability support for IBGP peering. Such a demand would put pretty expensive topological demands on a network. On page 128 (paragraph 1) of the Routing TCP/IP Volume 2 book, it says the following about route reflectors and clients :- The clients have physical connections to each of the route reflectors, and they peer to each This may relate only to the diagram in question. I assume that each client in an iBGP domain, does not need to share a physical data-link to each RR? Correct. Many thx. (maybe I'm just tired from studying all weekend). Regards, Ken Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66573t=66488
Re: PING PROBLEM [7:66132]
At 09:58 AM 3/26/2003 +, Larry Letterman wrote: The serial interface can't ping itself like the ethernet can..It will send the packet to the remote end and then back..if the path between both serial interfaces is not correct the local ping will fail..turn off keepalives and see if the ping will work on the local end.. With HDLC encap, the router should be able to ping itself IIRC. Pete Larry Letterman Network Engineer Cisco Systems - Original Message - From: srinivas kunthuri To: [EMAIL PROTECTED] Sent: Tuesday, March 25, 2003 8:43 PM Subject: Re: PING PROBLEM [7:66132] Hi Larry, I did not understand what you are saying. I had pinged my local serial interface. it is giving request timed out. i had pinged the remote end serial ip. it is giving reply. Can you tell me why it happened. Thanks, K.Srinivas - Original Message - From: Larry Letterman To: srinivas kunthuri ; [EMAIL PROTECTED] Sent: Wednesday, March 26, 2003 1:09 AM Subject: Re: PING PROBLEM [7:66132] to ping the serial interface usually it has to go to the remote end and then back...make sure the path from end to end is working... Larry Letterman Network Engineer Cisco Systems - Original Message - From: srinivas kunthuri To: [EMAIL PROTECTED] Sent: Tuesday, March 25, 2003 2:11 AM Subject: PING PROBLEM [7:66132] Hi all I am having one doubt regarding ping. I had configured two routers at two locations connected through SCPC PAMA VSATs. I had pinged to serial interface. It has given request timed out. but, the serial interface is up and line protocol is also up. I had pinged the other end serial ip. it is giving reply. what will be the reason. can any one explain me . Regards, K.Srinivas Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66251t=66132
Re: Basic QOS Frame MPLS question [7:66210]
At 02:08 PM 3/26/2003 +, [EMAIL PROTECTED] wrote: I don't think so. There are many QoS tools that you can use without MPLS. For what it's worth, MPLS is not a QOS tool. It can be used as a component in a QOS strategy, but by itself, provides no QOS. For example, you can use ip rtp priority, so the priority traffic will go to a high priority queue. Also, the fragmentation options will help you to avoid 'big' frames from starving the voice frames. Low Latency Queueing for Frame Relay http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t2/dtfrpqfq.htm#wp1033474 Link Fragmentation and Interleaving with Frame-Relay http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos_c/fqcprt6/qcflfifr.htm Frame Relay Header compression http://www.cisco.com/univercd/cc/td/doc/product/software/ios112/rtphead.htm#xtocid63548 Paul @groupstudy.com on 25/03/2003 19:59:20 Please respond to Paul Sent by: [EMAIL PROTECTED] To: [EMAIL PROTECTED] cc: Subject: Basic QOS Frame MPLS question [7:66210] Hi, Quick question to everyone At work I have a Frame Cloud that links all our sites together in a hub and spoke manner. At some of the sites I would like to extend our IP Telephony and perhaps introduce Video Conferencing. Assume I have adequate bandwidth throughout for video and IP telephony. I would like to implement QOS. Am I correct in assuming that I can only prioritise voice/video over the frame circuit, and that if I want to implement QOS I would have to 'swap' Frame for MPLS/Layer 4 Switching ??? Kind regards Paul Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66261t=66210
RE: ping things [7:66155]
At 12:55 PM 3/26/2003 +, Peter P wrote: I can reach my end node by declaring the loopback address as the source. By default the router is using the serial i/f address. Unless I use the loopback as the source it don't work. So I need to understand how to fix this - I imagine the intervening hops are where the trouble lies Make the serial interface reachable. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66260t=66155
Re: ping things [7:66155]
At 02:55 PM 3/25/2003 +, Peter P wrote: I can ping from router A through various hops to router F. Therefore the packet 'knows' how to reach F - and also how to find a path back to A by reply. However from router F I cannot ping router A. As the ping works in the first case - ie it knows the path back from F to A - how come it doesn't work in the 2nd ? The path is 'clean' ie no firewalls, access lists or any filtering. Puzzled. A cannot reach the interface from which the ping is sourced on F most likely. Try controlling your source addresses and see if that points you in the right direction. Pete Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66174t=66155
RE: ping things [7:66155]
At 04:35 PM 3/25/2003 +, Priscilla Oppenheimer wrote: Orlando Palomar Jr CCIE#11206 wrote: You have a routing problem. Check your routing tables thoroughly. I'm sure you're missing some networks. The reason you're able to ping one-way is because you're using different sets of source and destination IP addresses when pinging from router A to router F, as compared to pinging from router F to router A. The ping reply from router F uses the same addresses as the ping from router F to router A. Why would the reply work but not the ping? In many cases the ping is directed to a router loopback which I assumed and likely Orlando did as well. Or maybe the ping from router F to router A fails because the reply from router A doesn't get back. But that would be weird too. Why would router A be able to send a ping but not a reply? He needs to find out which fails and where, with debugs or sniffers. He could still have a routing problem, but it would have to be a weird one if these results are consistent. He says no firewalls or access lists, but it sure sounds like a firewall or access list to me. Priscilla Use the extended ping command to see what I mean. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66175t=66155
Re: type 4 LSA updates OSPF question [7:66089]
At 08:25 PM 3/24/2003 +, Xy Hien Le wrote: Hi everyone, Can someone tell me that only ABR will ORIGINATE type 4 LSA in OSPF or both ABR and ASBR do? Only ABRs originate type 4 summaries. Pete Thanks Xy Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66094t=66089
Re: Using communites to change the local-pref - not working?? [7:65999]
Are you sure the communities are on the routes when they hit UU/Sprint? I expect you remembered to add send-community to the peer :) Pete At 04:26 PM 3/22/2003 +, Cisco Nuts wrote: Hello, I have 2 routers in AS300 RTF is connected to RTA in AS 1239 RTG is connected to RTH in AS 701 In AS300 I have set communities via a route-map to be advertised as follows: 1239:110 to AS 1239 701:120 to AS 701 Routers in AS 1239 and AS 701 have been configured with a community list and a route-map to match these communities and change the local pref to 110 and 120 respectively. These work fine: Ex.AS701-H#bt Network Next HopMetric LocPrf Weight Path * 3.3.3.0/24 190.90.10.1 120 0 300 i Ex. AS1239-A#bt Network Next HopMetric LocPrf Weight Path * 3.3.3.0/24 180.80.10.1 0110 0 300 i AS1239 and AS701 are connected to RTE AS7018-NAP From AS7018, I wanted to route to be preferred through AS701 which has a higher local pref of 120 BUT AS7018 still prefers the route thru AS1239 which has a local pref. And I do not see the local pref values in AS7018. Why?? Ex. AS7018-NAP#bt Network Next HopMetric LocPrf Weight Path * 3.3.3.0/24 170.70.10.20 701 300 i * 160.60.10.20 1239 300 i 160.60.10.2 is AS1239 Now I do understand that all things being equal, BGP will prefer the router with the lowest RID, which in this case is AS1239, 160.60.100.100. Thus AS7018 chooses this route. BUT I want AS7018 to choose AS701 to get to AS300's networks!!! Question: Should AS7018 on receiving the communities from AS1239 and AS701 set the desired local pref?? Why not?? What am I missing? Please advise. Thank you. Sincerely, CN Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65999t=65999
Re: Using communites to change the local-pref - not working?? [7:66002]
Question: Should AS7018 on receiving the communities from AS1239 and AS701 set the desired local pref?? Why not?? What am I missing? Please advise. My read on it ( after checking Halabi's and Stewart's books ) is that LOCAL_PREF is typically set on the inbound side, not with the outbound side. LOCAL_PREF is an optional attribute. You don't want others to be able to impose their criteria on you. This is actually a real world scenario. In an ISP network, I want control of everything. Letting customers influence their flows (or peers or anyone for that matter other than me) makes me nervous. For these reasons, even though it may be safe to use it, I'd zero all inbound meds. However, I may want to allow a customer some controlled flexibility, so I give them a few communities to strap on routes that will influence my pref setting. This is what CN is referencing. ATT might give you 7018:90, 7018:80 and 7018:100 to use which they will honor with LPref settings on their end (of 80,90 and 100 in this case). In this way, as the ISP, you give the customer the ability to influence your exit decisions, but you do it on your terms. Pet also - are you remembering to use the bgp send-communities switch? This, or buggy IOS that itself might have overlooked this setting would be my guess. Thank you. Sincerely, CN Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66002t=66002
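An added example, not code from the thread: a small model of the provider-side policy described above (honour an allowlist of communities with LOCAL_PREF, zero inbound MED) applied to CN's topology, showing why AS7018 never sees the 110/120 values and what changes the outcome. Assumptions: the AS701 router ID is constructed, best-path is reduced to LOCAL_PREF, AS_PATH length and lowest router ID, and the lowest value wins if several honoured communities are present.

```python
from dataclasses import dataclass, replace
from ipaddress import IPv4Address
from typing import Optional

# Communities AS7018 agrees to honour, with the LOCAL_PREF each one sets
# (values quoted in the thread).
HONOURED = {"7018:80": 80, "7018:90": 90, "7018:100": 100}
DEFAULT_LOCAL_PREF = 100  # used when no honoured community is present


@dataclass
class Route:
    prefix: str
    as_path: tuple
    communities: frozenset = frozenset()
    next_hop: str = ""
    peer_router_id: str = "0.0.0.0"
    med: int = 0
    local_pref: Optional[int] = None  # only meaningful inside one AS


def export_to_ebgp(route, local_as, send_community):
    """What leaves an AS: LOCAL_PREF is not carried across an eBGP session,
    and communities only go out if send-community is configured on the peer."""
    return replace(
        route,
        as_path=(local_as,) + route.as_path,
        local_pref=None,
        communities=route.communities if send_community else frozenset(),
    )


def import_from_ebgp(route, honoured):
    """Inbound policy of the receiving AS: it alone decides LOCAL_PREF."""
    matches = [honoured[c] for c in route.communities if c in honoured]
    local_pref = min(matches) if matches else DEFAULT_LOCAL_PREF
    return replace(route, local_pref=local_pref, med=0)  # inbound MED zeroed


def best_path(candidates):
    """Simplified decision: highest LOCAL_PREF, shortest AS_PATH, lowest RID."""
    return min(
        candidates,
        key=lambda r: (-r.local_pref, len(r.as_path),
                       int(IPv4Address(r.peer_router_id))),
    )


def as7018_view(extra_via_1239=(), transit_send_community=True):
    """Return (best, candidates, transit_local_pref) for 3.3.3.0/24 at AS7018."""
    candidates, transit_local_pref = [], {}
    for transit, own, rid, next_hop, extra in (
        (1239, {"1239:110": 110}, "160.60.100.100", "160.60.10.2", extra_via_1239),
        (701, {"701:120": 120}, "170.70.100.100", "170.70.10.2", ()),  # RID constructed
    ):
        # AS300 originates the prefix and tags it for this transit provider.
        r = Route("3.3.3.0/24", (), frozenset([*own, *extra]))
        r = export_to_ebgp(r, 300, send_community=True)
        r = import_from_ebgp(r, own)  # the transit AS sets its own LOCAL_PREF
        transit_local_pref[transit] = r.local_pref
        r = export_to_ebgp(r, transit, transit_send_community)
        r = replace(r, next_hop=next_hop, peer_router_id=rid)
        candidates.append(import_from_ebgp(r, HONOURED))
    return best_path(candidates), candidates, transit_local_pref


if __name__ == "__main__":
    for kwargs in ({}, {"extra_via_1239": ("7018:80",)},
                   {"extra_via_1239": ("7018:80",), "transit_send_community": False}):
        best, cands, inside = as7018_view(**kwargs)
        print(kwargs, "->", best.as_path, [c.local_pref for c in cands], inside)
```

With no 7018 community both paths sit at the default and the router-ID tie-break picks AS1239, as CN observed; tagging the AS1239 advertisement with 7018:80 moves the exit to AS701 only while AS1239 propagates communities.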
RE: Getting out of hand?? [7:65676]
At 07:31 PM 3/18/2003 +, Priscilla Oppenheimer wrote: Maccubbin, Duncan wrote: How is the industry supposed to keep up with this?? What's the issue? Not sure I'm seeing your point. What's wrong with Cisco announcing that their product received some sort of certification? Exactly.. I think the poster mistook the possibly ambiguous announcement as yet another CCXX cert. Now, if you were concerned that Cisco has too many ways for people to get certified and that the situation is getting out of hand, I might agree. I really am surprised at how many folks pour their heart/money into getting one after another. I'm also amazed at how many folks will try and devote a good portion of interview time to showing me their various certificates. After the first couple I pretty much grasp that you have enough short term memory to get through a multiple choice exam and we should really get back to talking about technologies. Cisco makes big bucks on these certifications. The recert requirements create a beautiful residual revenue stream making this business unit very attractive internally to Cisco. Since they doubled the cost of the CCIE recert, purely for profit, I have decided to let my certification lapse vs give in to this obvious cash grab. Kudos to Cisco for making their VAR channels one of their more lucrative revenue sources. Priscilla Cisco also announced today highly prestigious certification support across the entire PIX Family of security appliances. Certifications earned include the Common Criteria Evaluation Assurance Level 4 (EAL4) certification, and both ICSA Labs firewall and IPSec certifications. These certifications provide customers with independent and objective validation that a company's product meets certain levels of quality and reliability, and are among the industry's most respected and stringent criteria for certification.
Providing customers broad certification support across the Cisco PIX family within a common operating system increases operational efficiencies and lowers support and management costs. Duncan Maccubbin US Network Support, Cable and Wireless CCNA, CCNP, CSS1, MCSE4 Work (703)287-6975 [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65689t=65676
Re: IOS for MPLS [7:65586]
At 02:25 PM 3/17/2003 +, Michael wrote: Dear all Can anybody suggest a stable version that supports MPLS? Try your SE team. It's all a balance of platforms/features/interfaces/VIPs/PA's etc :) We are in a process of running MPLS though our network on C7507 routers and we tried a few versions IOS but we face various and different problems between the version . We face problems with interface statistics, with web browsing with various vendors Firewalls etc.. Most of these issues sound like MTU problems. Are you budgeting for the extra encap overhead in your backbone MTU's? Pete Your help will be appreciated Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65593t=65586
Re: Off Topic - CCIE Certification Junkies [7:65499]
At 05:30 PM 3/15/2003 +, The Long and Winding Road wrote: With the announcement of the CCIE Voice certification ( a Good Thing, IMHO ) I wonder a couple of things: 1) who will be the first quadruple CCIE? A certification junkie ;-) 2) Does Cisco still recognize the Design, WAN, and IBM CCIE's as valid certifications, making it possible to have more than four? 3) When will the CCIE become just another useless cert in the long history of useless networking certs? I really don't see the point myself. Having a CCIE proves that one is able to do research and pass a relatively challenging test. However, the practicality of the material tested upon is really questionable (more so in some tracks than others I expect as well) I imagine most employers with the technical ability to properly evaluate candidates will not weight candidates with more than one CCIE higher than others. I imagine these types of employers will simply look for candidates who can demonstrate the proficiencies they are looking for. Further, there is little justification outside of the VAR space to hire CCIEs over otherwise qualified folk anyway. Indeed, there may be justification not to as a CCIE may attract more head hunter attention (if there are any left) than a non CCIE would. For me, the CCIE was a good motivation for learning some technologies I would have otherwise ignored. If I were to do another one, it would provide only that benefit. But the costs are becoming quite prohibitive, and Cisco's decision to raise the cost of recertification to 300 bucks has really left me wondering if I will recert. I'm not big on extortion. Pete NRF - you out there tonight? -- TANSTAAFL there ain't no such thing as a free lunch Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65515t=65499
Re: Any Cisco Teaching Certificate [7:65322]
At 04:45 PM 3/13/2003 +, Shawn Xu wrote: I am holding CCNP certificate. Recently I am interested in teaching Cisco router and switch stuff. Do I need any Cisco teaching certificate? That depends on what you want to teach. If you want to teach licensed Cisco material, then I'd consult with whomever you expect to be teaching for and ask them what they require of you. Shawn Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65349t=65322
Re: Spanning tree question on .1q trunks [7:65386]
At 11:08 AM 3/14/2003 +, Amar KHELIFI wrote: ur right about the frames ability to use gig0/2 only if the gig0/1 goes down, but according to the standard, the link from which bpdu's arrive with a higher cost will be put on blocking, but visibly that is not the case. some one will surely respond to this. Keep in mind that only one side of a point to point LAN link will ever block. One node on every LAN segment must be elected as the designated bridge port for the segment. I posted a pretty long explanation of this awhile back but can't find it in my archives :( Pete John Brandis wrote in message news: [EMAIL PROTECTED] Hey All, I am going through my network, which consists of a single 4006 at the core, and some 14 2950's connected via gig fibre. Picture this, I have 4 2950's on each floor (3 floors in my building, yes I know that does not equal 14 switch's) each have a gbic fibre connection to the 4006 core, whilst the other gig port goes to the next switch on that level. So switch 1 connects int gig 0/2 to switch 2 gig 0/2 My issue at the moment, is that when I have a look at the spanning tree states, I see that both gig ports are in a forwarding state. That does not sound correct to me as I expected to see one blocking (the int gig 0/2) and the link to the core in a forwarding state. Here is the output of one of my switch's
lvl13-sw1#sh spanning-tree blockedports
Name                 Blocked Interfaces List
Number of blocked ports (segments) in the system : 0
A showing of my active spanning tree ports shows
Interface      Port ID                  Designated                 Port ID
Name           Prio.Nbr   Cost Sts      Cost Bridge ID             Prio.Nbr
Gi0/1          128.49        4 FWD         0  8192 0009.e87f.ea00  128.75
Gi0/2          128.50        4 FWD         4 32769 000a.b7e3.2dc0  128.50
I have noticed that the cost of the port is significantly higher which would indicate to me that data not go over this interface unless the interface gig 0/1 died. Am I right, or do I have an error on my network.
Thanks for this guys/girls/etc/squid/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65431t=65386
RE: ASBR router [7:65424]
At 03:00 PM 3/14/2003 +, [EMAIL PROTECTED] wrote: It is generally a bad idea to run any IGP with your ISP. If your intent is to advertise the external interface that you connect to your ISP to your OSPF network, then run that interface under OSPF as passive. I don't think any sane ISP would allow this anyway ;-) I personally don't see how OSPF is relevant in the question, unless it relates to BGP Next-Hop resolution which likely isn't the case, or maybe the origination of a default route. Thanks, Mario Puras SoluNet Technical Support Mailto: [EMAIL PROTECTED] Direct: (321) 309-1410 888.449.5766 (USA) / 888.SOLUNET (Canada) -Original Message- From: hanan [mailto:[EMAIL PROTECTED] Sent: Friday, March 14, 2003 7:21 AM To: [EMAIL PROTECTED] Subject: ASBR router [7:65424] Hello I have an ASBR router that has internal interface with my internal network and an external interface which is connected to ISP that provide us Internet My question is do I need to configure this external interface with a separate area or I don't need to put it in a separate area, and if so how I will know which area the ISP use Could you please explain to me how we configure the external interface, which is connected to ISP in ASBR router? Hanan Best regards Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65453t=65424
Re: Layer 3 Switches Vs Routers [7:65215]
At 05:57 PM 3/14/2003 +, Scott Roberts wrote: In the end, the device either routes or bridges the frames it receives, but takes no action that can be distinctly described as layer three switching. Pete to my basic understanding ALL routing has a switching component to it already, whether we're talking about regular routers or L3 switches. process switching, fast switching, autonomous switching, distributed switching, etc... are all the ways the packets are moved between interfaces on a router. therefore both layer 2 and layer 3 'switch' irregardless of the name on the chassis. I disagree. You are describing a generic technology with vendor specific terminology. How packets move (if they move at all) in a router is an implementation specific detail (that is to say it's up to the box designer and internal to the device itself). I personally view the sole distinction between the standard routers/bridges and the multilayer switches as the use of ASICs. How a technology is implemented does not change the nature of the technology itself. By this definition, I would be curious at what forwarding rate does a router becomes a switch? In other words, just because some IP routers are faster than others does not mean they are not routers. Of note, most high end routers implement an all silicon based forwarding path and few of these folks have branded their routers as switches. scott Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65476t=65215
Re: Layer 3 Switches Vs Routers [7:65215]
At 01:43 AM 3/13/2003 +, aletoledo wrote: a layer three switch is a router, just as a switch is really a bridge. a layer 3 switch 'routes' in hardware, while a router routes in software. For what it's worth, Juniper would likely take exception to your calling their products layer three switches as they have an all ASIC forwarding plane and therefore route in hardware. that's the easiest way to look at them. it has gaps, but once you get the big picture you can then start to talk about the specifics. probably the biggest thing that a layer 3 switch can't do (unless it's changed recently) is route anything but IP. while designing the hardware routing circuits for a L3-switch they had to compromise and IP being the most popular won out. that's not to say that one day they won't have made enough chipsets to route every other kind of protocol also. I suppose since we saw the death of bridges due to switches, we'll also see the death of routers to L3-switch. scott nanda wrote in message news:[EMAIL PROTECTED] Hi ... We have switches that operate at Layer 3..right.. My Question is when we have Routers that are good enough why do we need switches at layer3? Under what circumstances do we use switches instead of routers? Hope I made Myself Clear...Thanks in Advance!!! Regards... Nanda Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65300t=65215
RE: Layer 3 Switches Vs Routers [7:65215]
At 10:44 PM 3/12/2003 +, Orlando, Jr. Palomar wrote: Without consulting any documentation, a couple of reasons I could think of is forwarding rate and the switch-fabric (or the size of the backplane, usually in Gbps). A full-fledged Layer-3 switch running at wire-speed would be much more efficient in routing (and switching) between VLANs compared to a router. Many routers route at wire speed and can do this on/between tagged VLANs. This is just routing. Another point of comparison is port density. You can only have such and such number of ethernet, fastethernet, or maybe even gigabit ethernet ports on a router before the cost becomes quite prohibitive. Oh sure, you can use the router-on-a-stick method. And though it is a good Cisco IOS feature, it was meant to be an interim solution when transitioning from a flat to a segmented network. Anyway, if you only have a relatively small network, say 2 VLANs, you can opt for the router-on-a-stick method. Or better yet, use a router with dual ethernets or fastethernets. However, if you're supporting 4,5, or more networks, that's what L-3 and multi-layer switches are for. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65301t=65215
Re: BGP dampening [7:65086]
At 07:39 PM 3/11/2003 +, Oliver Hensel wrote: Hi! Can someone point me to a document which explains what happens with a prefix that is dampened if it's distributed via two providers. Hi Oliver, Here is a link to a doc from Randy Bush that covers damping in some detail. http://psg.com/~randy/021028.zmao-nanog.pdf (handily posted to NANOG today :) For technical info on damping in general, check rfc 2439, and RIPE 229 for recent best practise config settings (which are put into serious question by the above PDF) Damping was brought into existence as a means to protect routers which could be overwhelmed by a large amount of BGP updates to the extent where they would either crash, or drop BGP sessions themselves thereby exacerbating the route churn issue. At present, newer routers and better BGP implementations are able to deal with large amounts of BGP updates without any impact to other processes in the router and thus the need to protect them via damping isn't a huge priority. Further, as Randy points out, damping may do more harm than good to route convergence in the global Internet. As a result, I think it is safe to say that the need for damping in general is in serious question. Will only the penalized route dampened, that is will we still have connectivity if one link is flapping. I think so, but I'd like to have some confirmation for that. BGP prefixes (NLRI) are damped individually, however damping really only impacts you on more remote AS's. In your case, you have a situation like the below:
          you
         /   \
 transit1     transit2
    |    \   /    |
 remote1  - -  remote2
    |    \   /    |
 remote3  ---  remote4
When you advertise 10/8 to transit1 and transit2, assuming these folks are clueful and automatically pref customer routes above peer/transit, both of them will always prefer the direct route to you. This is important as implicit withdrawals are penalized in the same way as direct withdrawals.
This fact, coupled with the fact that damping stats are cleared on EBGP sessions when the peer resets will tend to make damping irrelevant between neighboring AS's. However, as you get more and more remote, things get worse. To expand on this, consider remote3. Assuming you advertise 10/8 to both transits, imagine that the update from transit2 gets to remote1 first and on to remote3. In this case, remote3 hits you with an advert penalty and posts the route 10/8 via as-path r1,t2, you. Shortly thereafter, the update from transit1 shows up in remote1 and by virtue of a better AS-PATH becomes the best path in remote1. Remote1 therefore sends an update with the new path info to remote3. This update includes an implicit withdrawal of the old path and a subsequent damping penalty applied to 10/8 in remote3. Likely these two updates appeared in remote 3 in a pretty narrow time window and thus you have a 10/8 prefix that has suffered a nice penalty without ever really flapping. Consider also that depending on AS size, router types, BGP advertisement intervals and such, remote 3 may have seen an r1,r4,r2,t2 path first, then an r1,r2,t2, then an r1,t1 path and may have penalized you once for the initial advert and two more times for the implicit withdrawals which might get you damped in remote3 right off the bat. This issue gets worse as you consider ASes more and more remote from you. For what it's worth, I may have this entirely wrong :-) But this is my understanding of the behavior. The networks I have designed used graded damping and are not tremendously aggressive. I am however considering removing damping from the configs for the few networks I have some impact in as I really don't see it serving much of a role.
Pete Thanks and best regards, Oliver -- Oliver Hensel telematis Netzwerke GmbH mailto: [EMAIL PROTECTED] Siemensstrasse 23, D-76275 Ettlingen Tel: +49 (0) 7243-3448-0, Fax: -498 visit us: http://telematis.com 3 Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65302t=65086
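The penalty build-up described in the reply above, as an added example that is not part of the original post: a small RFC 2439-style model with exponential decay that replays the three updates remote3 might see for 10/8. The half-life, thresholds, per-update penalty and the five-second spacing of the updates are assumed values chosen for illustration, not figures from the thread.

```python
import math
from dataclasses import dataclass

# Assumed damping parameters (illustrative, not from the thread).
HALF_LIFE_S = 900.0   # penalty halves every 15 minutes
SUPPRESS = 2000.0     # prefix is suppressed at or above this penalty
REUSE = 750.0         # prefix is usable again below this penalty
PENALTY = 1000.0      # charged per update that changes the stored path


@dataclass
class DampState:
    """Per-prefix damping state as kept by one remote router."""
    half_life: float = HALF_LIFE_S
    suppress: float = SUPPRESS
    reuse: float = REUSE
    charge_first: bool = True   # the post describes a penalty on the first advert too
    penalty: float = 0.0
    last: float = 0.0
    suppressed: bool = False
    best_path: tuple = ()

    def _decay(self, now):
        # Exponential decay of the accumulated penalty since the last event.
        self.penalty *= 0.5 ** ((now - self.last) / self.half_life)
        self.last = now
        if self.suppressed and self.penalty < self.reuse:
            self.suppressed = False

    def update(self, now, as_path, charge=PENALTY):
        """Process an announcement. A new path that replaces the stored one
        is an implicit withdrawal and is charged like an explicit one."""
        self._decay(now)
        path = tuple(as_path)
        first = not self.best_path
        if path != self.best_path and (self.charge_first or not first):
            self.penalty += charge
        self.best_path = path
        if self.penalty >= self.suppress:
            self.suppressed = True
        return self.penalty

    def seconds_until_reuse(self):
        # Time for the current penalty to decay down to the reuse threshold.
        if not self.suppressed:
            return 0.0
        return self.half_life * math.log2(self.penalty / self.reuse)


# Constructed timeline of updates for 10/8 arriving at remote3 after a single
# advertisement by the origin: longest path first, best path last.
PATH_EXPLORATION = [
    (0.0, ("r1", "r4", "r2", "t2", "you")),
    (5.0, ("r1", "r2", "t2", "you")),
    (10.0, ("r1", "t1", "you")),
]


def replay(events, **params):
    """Feed (time, as_path) events to a fresh DampState; return state and trace."""
    state = DampState(**params)
    trace = []
    for when, path in events:
        penalty = state.update(when, path)
        trace.append((when, round(penalty, 1), state.suppressed))
    return state, trace


if __name__ == "__main__":
    state, trace = replay(PATH_EXPLORATION)
    for when, penalty, suppressed in trace:
        print(f"t={when:>4.0f}s penalty={penalty:>7.1f} suppressed={suppressed}")
    print(f"usable again in {state.seconds_until_reuse() / 60:.1f} min")
```

With these assumed values the prefix is suppressed on the third update although the origin never flapped; setting `charge_first=False` leaves the penalty just under the suppress threshold, which shows how sensitive the outcome is to the implementation's charging rules.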
Re: ISP OSPF Design [7:65316]
At 03:54 PM 3/13/2003 +, Chris Headings wrote: Good morning all, Does anyone out there know of either a good white paper or book that shows some ISP OSPF designed networks? I am trying to find something that is more geared towards service providers rather than corporate network LAN design. Here are some thoughts. First off, keep your IGP as small as possible by pushing as much routing as possible in BGP. Ideally, you'll only use OSPF for loopback and link reachability. Use multiple areas only when the sheer amount of routers/interfaces demands it. Since you have few routes in OSPF, you won't be using multiple areas to enable address summarization. The amount of routers one has before one needs isolation via areas is a matter of some debate, but assuming you have some service provider class routers, should be at least in the 50-100 range at minimum and could likely approach much higher numbers. If you must use multiple areas, configure them as NSSA. You shouldn't have any externals in your network to begin with, but some odd situations tend to demand it and therefore if you must bring them in, NSSA will allow you some control over their flooding. Beyond that, try nanog archives for metric use guidelines if you intend to do some TE in OSPF (there are a few different approaches to metric use in IGPs). Also nanog is likely to have some timer tweaks that will be helpful in speeding convergence. Book wise, I've not seen one that covers IGP/BGP in tremendous detail. Howard Berkowitz has a pretty useful service provider book (Building Service Provider Networks / Wiley) that covers a variety of ISP oriented details that would likely be a good read if you are new to ISP networking, but most of the decent ISP best-practise like details from a router configuration perspective have usually been found at or near the NANOG community. 
Phillip Smith from Cisco has published his ISP Essentials set of guidelines as a book which has a lot of very useful information, but can also be found in pdf form. Pete Thanks as always... Chris Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65345t=65316
RE: Layer 3 Switches Vs Routers [7:65215]
At 12:16 PM 3/13/2003 -0500, Howard C. Berkowitz wrote: At 2:43 PM + 3/13/03, Peter van Oene wrote: At 10:44 PM 3/12/2003 +, Orlando, Jr. Palomar wrote: Without consulting any documentation, a couple of reasons I could think of is forwarding rate and the switch-fabric (or the size of the backplane, usually in Gbps). A full-fledged Layer-3 switch running at wire-speed would be much more efficient in routing (and switching) between VLANs compared to a router. Many routers route at wire speed and can do this on/between tagged VLANs. This is just routing. Another point of comparison is port density. You can only have such and such number of ethernet, fastethernet, or maybe even gigabit ethernet ports on a router before the cost becomes quite prohibitive. Oh sure, you can use the router-on-a-stick method. And though it is a good Cisco IOS feature, it was meant to be an interim solution when transitioning from a flat to a segmented network. Anyway, if you only have a relatively small network, say 2 VLANs, you can opt for the router-on-a-stick method. Or better yet, use a router with dual ethernets or fastethernets. However, if you're supporting 4,5, or more networks, that's what L-3 and multi-layer switches are for. Peter, would you agree that when someone says that's what layer3 and multilayer switches are for, they are really talking about router packaging (as opposed to fundamentally different technology) that creates platforms with certain port densities, functionality tradeoffs, and price points? I would certainly agree. There is definitely a family of enterprise devices that package relatively high density layer two aggregation (ie lots of GE/FE ports) with a routing functionality such that you end up with an integrated device that can route or bridge depending upon configuration. However, such a device is in theory no different than a router connected directly to a bridge via an external vlan trunked interface.
The fact that the box happens to integrate the connection between router and bridge is merely a matter of convenience. In the end, the device either routes or bridges the frames it receives, but takes no action that can be distinctly described as layer three switching. Pete Again, I call attention to the comment of routing in hardware as misleading. I can't think of a routing ASIC, where I actually looked at the chip or chipset design, that wasn't some flavor of Von Neumann stored-program computer. Certain of the specific designs might be microcode rather than RISC or CISC, but they are still basically von Neumann. FPGAs might be a special case, but they can't do the more complex functions. In other words, an ASIC is a computer, just a specialized, optimized computer burned into silicon (or whatever). Some newer ASICs even are partially reprogrammable, typically with electrically alterable gate arrays and the like. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65341t=65215
Re: Bandwidth calculations [7:65008]
At 01:36 PM 3/12/2003 +, Amar KHELIFI wrote: sorry i don't agree. check the bandwidth calculator on the net, u will see that i was correct. + for the K and k and B and b, it is so obvious that an explanation is not necessary... While I agree that Kb tends to refer to 1024 and kb to 1000, I will suggest that very few things are so obvious that they do not require explanation. If it truly did not require explanation, you would not be involved in a discussion revolving around the clarity of the expression, or otherwise you mean to suggest that your partner in the discussion is obtuse to the point of missing the most obvious of points, which I think might be a little offensive. Pete thanx for letting my messages show up normally and then respond to them; s vermill wrote in message news: [EMAIL PROTECTED] I should also have mentioned that the B is typically capitalized along side the K when dealing with kilobytes (KB) and the b is typically not capitalized when dealing with kilobits (kbps). That's probably at least, if not more, significant than the K/k capitalization (if, in fact, any of it is significant). I mention it because it seems to cause so much confusion. You won't see it around here much, but at some other forums one of the chief complaints relates to achieving only 1/8th the expected download rate. What's happening, of course, is that the download is being measured in KB/sec while the connection is rated in kbits/sec. I'll shut up now... s vermill wrote: Amar KHELIFI wrote: since 1byte=8bits and 1Kbits=1024bits then 32kbps=32768bps=4096bytes there is no formula. Amar KHELIFI, 1kbits does not = 1024bits and 32kbps does not = 32768bps. 1kbps = 1,000bps 32kbps = 32000bps. k simply means 1,000. The whole idea of 1KB (KiloByte) = 1024 bits has to do with binary math and the fact that computers deal in bytes vs. bits. 2^10 = 1024, which is divisible by 8 (whereas 1,000 would not be).
It would be very inconvenient for a computer to have to deal with information blocks that are not divisible by 8. Modern communications systems are not byte-aligned at all and deal strictly in bits. For example, a DS0 is 64kbps. That's 64,000bps. As a side note, and I'm not sure that there's any official convention to go along with this, in general, a KiloByte is abbreviated KB, with a capital K. kilobits per second is generally abbreviated kbps, with a lower-case k. Thus, when you see a capital K, it's safe to assume 1024 is being implied, whereas when you see a lower-case k, it's safe to assume 1,000 is being implied. Regards, Scott Robert Perez wrote in message news: [EMAIL PROTECTED] Anyone know how the conversion techniques for converting bits, bytes, kilobits, etc, to calculate bandwidth usages? Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65204t=65008
Re: ??? MPLS ??? [7:64898]
At 02:16 PM 3/10/2003 +, Steven Aiello wrote: Sorry for such a newbie question. But what is MPLS? And what is it? Anyone have a link they can point me to? Just trying to learn more. I would recommend you start at www.mplsrc.com and possibly surf to the standards page. Within that page, check out http://www.ietf.org/rfc/rfc3031.txt?number=3031 at least for an overview of the architecture of the protocol itself. Cisco will have a great deal of information as well, and certainly played a big role in the development of the specifications, but also tend to use a lot of proprietary terminology that might just confuse you moving forward. Matt Kolon at Juniper said once that MPLS is essentially low overhead, virtual circuits for IP. I personally think this statement aptly describes the protocol. At present, MPLS plays an enabling role in many technical solution sets, mostly in the VPN environment. Hence, a lot of folks, particularly when first learning the protocol, become distracted by the many features that MPLS enabled solutions might present, but lose sight of what role MPLS itself plays. The C/S mailing list at Groupstudy might prove an interesting forum for Q&A as I believe MPLS is more relevant to that track, however this list certainly includes a bunch of folks who have a wealth of knowledge on the topic. Pete Thanks, Steve Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65048t=64898
OT: OSPF vs ISIS in large networks [7:65049]
Hi all, Here is a quick post from Dave Katz on ISIS vs OSPF in large networks dealing with the issue of which protocol inherently scales better. This is from a thread in the IETF OSPF WG mailing list for those looking for the full thread. Dave has participated significantly in the development of routing protocol software for both Cisco and Juniper. Thought some folks might find it interesting Pete Date: Sun, 9 Mar 2003 21:05:14 -0800 From: Dave Katz Subject: Re: ospf limits... For all practical purposes, the designs of the OSPF and ISIS protocols will not be the limiting factor in the size of an area, unless (a) you have a really good implementation, and (b) you feel the need to dump excessive numbers (many thousands) of external and stub routes into the protocol. Most implementations will crash and burn before the topology gets big enough to become an issue, and most people don't dump externals into their IGPs (they use BGP instead.) Architecturally, OSPF limits the inter-router topology and stub routes due to the 64KB limit on the Router LSA, and ISIS limits the total amount of information due to the 256 LSP fragment limit. One could come up with various hacks for either protocol if these limits were actually, well, limiting, but this has never been the case in (sane) practice. Historically, the ISIS implementation from a particular major vendor has had better scaling characteristics than the OSPF implementation of that particular major vendor, but this isn't really the case for another major vendor.
;-) --Dave Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=65049t=65049
Re: Become instructor [7:64820]
At 11:11 AM 3/8/2003 +, omar wrote: Hello , I am working as a freelance and i would like to be an Instructor (Cisco) . Did anybody know the cursus? I believe you still need to work for an authorized Cisco training partner assuming you are looking for the CCSI designation. best regards omar Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64831t=64820
Re: EIGRP for CCIE Written [7:64707]
At 12:11 PM 3/7/2003 +, Johan Bornman wrote: Is EIGRP a Hybrid or Distance Vector protocol? Cisco calls it Hybrid. It looks pretty distance vector to me though. A hello mechanism and adjacencies does not a link state one make. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64724t=64707
Re: EIGRP for CCIE Written [7:64707]
At 03:54 PM 3/7/2003 +, The Long and Winding Road wrote: Peter van Oene wrote in message news:[EMAIL PROTECTED] At 12:11 PM 3/7/2003 +, Johan Bornman wrote: Is EIGRP a Hybrid or Distance Vector protocol? Cisco calls it Hybrid. It looks pretty distance vector to me though. in what way? the hop count is pretty well hidden in the dark interior of the code. all those cost numbers, the ( also somewhat hidden ) topology table, and the ( somewhat hidden ) successor table certainly give it the appearance of link state. In a link state algorithm, a router builds a complete topology table for the bounded area in which it operates and then uses a spanning tree like algorithm (dijkstra in most cases) to calculate loop free paths. EIGRP simply does not do this. Primary and secondary paths in EIGRP are calculated based upon indirect information relayed by direct neighbors only using an advanced distance vector algorithm (DUAL). I think Cisco likes to call it Hybrid since many folks feel distance vector routing is inferior to link state and thus by labelling EIGRP as the best of both approaches, Cisco has put a positive spin on the protocol. This is typical marketing garbage from one of the best spin companies on the planet (in a neck and neck race with Microsoft and Harley Davidson for that matter) Pete Chuck who considers all this stuff a kind of magic A hello mechanism and adjacencies does not a link state one make. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64732t=64707
RE: EIGRP for CCIE Written [7:64707]
At 04:31 PM 3/7/2003 +, Willy Schoots wrote: Maybe the fact that EIGRP has an option to turn SPLIT HORIZON on/off is a big clue towards it being a DV protocol. Last time I checked OSPF/ISIS didn't have this option ;-) OSPF and ISIS are actually distance vector between areas and use a strict two level hierarchy with a single backbone along with some LSP/LSA process rules that prevent loops. Cheers, Willy -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of The Long and Winding Road Sent: Friday 7 March 2003 16:54 To: [EMAIL PROTECTED] Subject: Re: EIGRP for CCIE Written [7:64707] Peter van Oene wrote in message news:[EMAIL PROTECTED] At 12:11 PM 3/7/2003 +, Johan Bornman wrote: Is EIGRP a Hybrid or Distance Vector protocol? Cisco calls it Hybrid. It looks pretty distance vector to me though. in what way? the hop count is pretty well hidden in the dark interior of the code. all those cost numbers, the ( also somewhat hidden ) topology table, and the ( somewhat hidden ) successor table certainly give it the appearance of link state. Chuck who considers all this stuff a kind of magic A hello mechanism and adjacencies does not a link state one make. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64734t=64707
Re: Layer 3 MPLS VPN Questions [7:64770]
At 09:05 PM 3/7/2003 +, John Neiberger wrote: I'm at the early stages of considering migrating away from a point-to-point frame relay network to a layer 3 MPLS-based private network and I have a couple of questions based on some preliminary verbal information. I was told that no router reconfiguration was required on our side but I don't see how that's possible. Since our CE router connects to the PE router they need to have common addressing and a common routing protocol, which I think must be either OSPF or IS-IS. For L3VPN based on 2547bis, the provider network becomes a layer three peer with your edge gear. In the frame relay model, the provider is fully transparent to you at layer three. Hence, you'll need to establish some sort of layer three peering with the provider's edge routers. This could be a typical IGP, or ideally one of static or BGP. A layer two VPN, using pseudowires as defined by Luca Martini in the various draft-martini-pick-your-layer-two, would more or less emulate the type of service you have now and would not require a change in your routed topology. I tend to recommend L2VPNs where customers already have sizable frame networks, unless the customer has a strong desire to outsource its routing to the provider. Regarding the routing protocol, it wouldn't be a big deal to change to using one of the above but that would still be a change, right? :-) Yep Regarding the addressing, is it common for a customer to get a new addressing scheme for the provider for their edge links? Or, will the provider readdress their PE connections that interface with our network? It makes more sense to me that the provider would make us readdress. Does one method seem to be more common than the other? Addressing in one VPN is fully abstracted from another VPN and thus there really isn't the need to migrate toward any unique IP space here. You could use your own space, or some 1918 etc.
Since this is a layer 3 VPN the provider's routers will have specific information about our internal addressing, and I can hear our security people groaning over this already. My boss might not like that idea, as well. Has this been a security concern for anyone? Is there reason to be concerned? Conversely, is there a good way for me to explain to my boss and the security department why we shouldn't be concerned? Security is a common concern here. However, in any vpn service, you are putting some trust in the provider as they do have internal access to your traffic flows. If you are concerned about security, there is nothing to preclude the use of IPsec over the public/VPN portions of your network. I'm still awaiting more technical information from our provider, and we're going to have a face-to-face meeting with technical people in a couple of weeks, but I wanted to become more familiar with this technology before they get here. Here is the latest draft for the protocol http://www.ietf.org/internet-drafts/draft-rosen-ppvpn-2547bis-protocol-02.txt Many thanks! John Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64781t=64770
OT: Re: EIGRP for CCIE Written [7:64707]
At 09:30 PM 3/7/2003 +, The Long and Winding Road wrote:

> MADMAN wrote in message news:[EMAIL PROTECTED]
>
> > I agree 100%, it is ENHANCED, read glorified, IGRP.
>
> the REAL question is which is better, EIGRP or L3 switching? ;-

I'm working on a draft for ARP switching. Still struggling with what layer it works at though and what it specifically does. I'll let you know when I'm finished.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64782t=64707
Re: Question on BGP aggregation [7:64581]
At 08:31 AM 3/6/2003 +, Mike Flanagan wrote:

> I have a question on different methods of BGP aggregation. Let's say for instance that I had 4 /24 that I wanted to aggregate to a /22. I am getting these /24's through EBGP and want to summarize them to my IBGP peer without using any aggregate address or summary address command. What other options would I have to summarize this?

Why would you want to do this?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64619t=64581
Re: ATM RFC [7:64199]
At 12:19 PM 3/2/2003 +, you wrote:

> Hi Group, Would u kindly guide me which RFC to read to understand properly the behaviour of different ATM types of service ( vbr-nrt, cbr, abr, ... )
>
> Best Regards

The ATM forum is your best bet here. Here is a relevant link. http://www.atmforum.com/standards/approved.html

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=64206t=64199
RE: L3 Switching Huh???? [7:63728]
> And that's exactly what would happen if you did the inter-VLAN routing on a router too, using subinterfaces for each VLAN/ IP subnet. :-) And, if it were a high-end router, it could do this at wire speed and would have a RIB and FIB, just like someone else described for the 6500. The 7500 router has had that sort of architecture for years, if I'm not mistaken. Howard has given us lots of examples of other high-end routers that have this sort of architecture. Of course, these high-end routers are probably way more expensive than the so-called L3 switch and probably have all sorts of features that you might not need in a campus network.

Last I checked, Extreme make some pretty cheap bridges with integrated routing :) Naturally, to get a bunch of packet processing without mortgaging forwarding capacity, you'll end up spending more bucks. Howard's point about the relevance of wire speed routing in the enterprise is dead on though - most folks don't need it and wouldn't make use of it even if they had it.

> So, we're back to the first answer. The difference between a router and a L3 switch is marketing.

Also economics.

> Sorry, I just had to play devil's advocate. What a shame that Cisco has mangled this so much in their intro training materials.
>
> Priscilla
>
> > ... Does that help? Oh - and I think you meant to say layer 3 switching is a marketing term, not scientific or engineering in nature. ... you said layer 3 routing ...
> >
> > Thanks!
> > TJ [EMAIL PROTECTED]
> >
> > -Original Message-
> > From: DeVoe, Charles (PKI) [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, February 26, 2003 7:45 AM
> > To: [EMAIL PROTECTED]
> > Subject: RE: L3 Switching Huh [7:63728]
> >
> > OK, let me try this again. I am trying to figure out the difference between conventional layer 3 routing and layer 3 switching. A little background. I am currently working towards my CCNA (have been for about 3 years). At any rate, everything I read and look at says that switching/bridging is a layer 2 function, routing is a layer 3 function. Either I don't have a good grasp of the OSI model, switching, routing, VLANs or all of the above.
> >
> > The network:
> >
> > Host A 10.1.1.2 MAC 00.AA                      Host B 10.1.2.2 MAC 00.BB
> >      |         10.1.1.1 MAC 01.AA    10.1.2.1 MAC 02.BB         |
> >  switch A ----------------- Router ----------------- switch B
> >  10.1.1.0/24                                       10.1.2.0/24
> >
> > This is an ethernet network. Both segments are connected by a traditional router say a 2500. In this instance the router interfaces are subnet A 10.1.1.1, and subnet B 10.1.2.1. For simplicity, assume ARP cache is empty.
> >
> > Host A wishes to ping Host B. End user on Host A enters - ping 10.1.2.2. The IP packet places the source address 10.1.1.2 and the destination address 10.1.2.2 into the packet. The IP protocol examines the IP address and based on the IP address determines this is in another subnet. An ARP request goes out for 10.1.1.1 (default gateway) and the MAC address is found. The DLL then places the source MAC address 00.AA and the destination MAC 01.AA into the frame. The frame then goes out the wire to the destination MAC.
> >
> > The router interface sees this frame as destined for itself. It de-encapsulates the frame removing the MAC addresses. The router then examines the IP address, based on the routing table it knows the destination port. The router leaves the same IP source (10.1.1.2) and destination (10.1.2.2) in the packet. The frame is rebuilt with the new MAC address of source 02.BB and destination 00.BB. Host B grabs this packet and does its thing.
> >
> > Now, if I replace the router with a 6509 switch, with routing, how does the process change? Said 6509 would be equipped with a 10/100 card so that the hosts are now directly connected. The router interface is now a virtual interface, there is no physical interface. Which is another question. How does the 6509 determine this virtual address?
> >
> > Am I correct? Inter VLAN communication cannot occur without a router. Switching is based on MAC address. Routing is based on IP address. I believe the term layer 3 routing is a marketing term, not scientific or engineering in nature.
Re: Core Layer L2 or L3 [7:63708]
At 11:05 AM 2/25/2003 +, Skarphedinsson Arni V. wrote:

> In a Core-Distribution-Access Layer design, would you keep the Core L2 or with high end L2/L3 switches such as the Cat6500 do you think it would be better to do L3 in the core ?

I personally haven't found the need to have a Distribution layer in most networks. It's a model designed by vendors to sell boxes imho.

Pete

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63714t=63708
Re: L3 Switching Huh???? [7:63728]
At 03:54 PM 2/25/2003 +, DeVoe, Charles (PKI) wrote:

> I am under the impression that switching is a layer 2 function and that routing is a layer 3 function. I have seen several discussions talking about layer 3 switching. Could someone explain this to me?

Bridging is a layer two function, routing is a layer three function. Switching is an ambiguous term and should be avoided in technical conversations.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63746t=63728
RE: Core Layer L2 or L3 [7:63708]
At 04:08 PM 2/25/2003 +, [EMAIL PROTECTED] wrote:

> In a practical world it all comes down to your needs for your business and the money you want to spend. We use a collapsed core with 2 4006 with Supervisor III's doing the layer 3 functions. We could add a high performance layer 2 switch for the core but it would be overkill.

I don't disagree, however merely suggest that the model was driven by a vendor interested in selling more devices. Keep in mind you should also have a minimum of two devices per layer for resiliency ;-) If you have a high performance core that can provide access aggregation, packet processing and performance all at the same time, and your port costs are comparable per mbps, I'm not sure why you'd buy a distribution layer other than to help a rep hit his number for the quarter.

> -Original Message-
> From: Peter van Oene [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, February 25, 2003 8:13 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Core Layer L2 or L3 [7:63708]
>
> At 11:05 AM 2/25/2003 +, Skarphedinsson Arni V. wrote:
>
> > In a Core-Distribution-Access Layer design, would you keep the Core L2 or with high end L2/L3 switches such as the Cat6500 do you think it would be better to do L3 in the core ?
>
> I personally haven't found the need to have a Distribution layer in most networks. It's a model designed by vendors to sell boxes imho.
>
> Pete

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63782t=63708
Re: L3 Switching Huh???? [7:63728]
At 04:46 PM 2/25/2003 +, Robert Edmonds wrote:

> Layer 3 switching combines the best of switching and routing in one platform. The main advantage here is speed. The way it works is, in a switch you have some kind of layer 3 routing engine (aka route processor, or RP). For example, the MSFC2 (Multilayer Switch Feature Card 2) is one of the options available for the Cisco 6500 (and a couple of others, I think) switches. When the switch receives a packet bound for a different VLAN, it sends it to the RP. The RP makes the routing decision and puts an entry in the route cache for the switch. The first packet in a flow is routed and the rest are switched at wire speed, hence the increase in speed. That's kind of a simplified view, but I think it gets the general idea across. So, layer 3 switching is both routing and switching, but faster (usually, anyway).

One should keep in mind that many vendors including Cisco have been capable of doing per packet routing at wire speed for some time and thus this advantage is a legacy attribute.

> DeVoe, Charles (PKI) wrote in message news:[EMAIL PROTECTED]
>
> > I am under the impression that switching is a layer 2 function and that routing is a layer 3 function. I have seen several discussions talking about layer 3 switching. Could someone explain this to me?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63783t=63728
RE: L3 Switching Huh???? [7:63728]
At 06:03 PM 2/25/2003 +, Ellis, Andrew wrote:

> According to Cisco: Layer 3 switching refers to a class of high-performance switch routers optimized for the campus LAN or intranet, providing wirespeed Ethernet routing and switching services. Compared to other routers, Layer 3 switch routers process more packets faster by using application-specific integrated circuit (ASIC) hardware instead of microprocessor-based engines.
>
> My own two cents: Wire speed routing if you will.

By that logic, a wire speed router is a layer three switch :-) It's all marketing garbage if you ask me. If you put a router inside a high performance switch, you have two devices sharing the same chassis, one bridging and one routing.

> Drew
>
> -Original Message-
> From: DeVoe, Charles (PKI) [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, February 25, 2003 10:55 AM
> To: [EMAIL PROTECTED]
> Subject: L3 Switching Huh [7:63728]
>
> I am under the impression that switching is a layer 2 function and that routing is a layer 3 function. I have seen several discussions talking about layer 3 switching. Could someone explain this to me?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63785t=63728
Re: Core Layer L2 or L3 [7:63708]
At 11:17 PM 2/25/2003 +, you wrote:

> Peter, The current rumour for the Academy CCNP program is that Cisco is dropping the 3 layer model and moving to a 2 layer model with L3 in the core for the BCMS course. I guess I'll find out for certain at Networkers in Orlando, Fla. this June.

That would be very interesting. I am always leery of vendor models as they tend to have the vendor foremost in their mind :-) I always try and caution folks not to build hierarchy just to have it. Naturally, your 15 router OSPF network's visio diagram exudes a great deal more sharpness when it has a nice backbone and some number of non-backbone areas. However, in reality, many networks -large and small- are served far better with non hierarchical topologies.

I am naturally digressing from the topic of three layer networks, but I think the message is the same. As others have pointed out, don't give in to the desire to build really neat networks that use a lot of technology unless you actually have a need for them. This to me would include building 3 layer networks where 2 layer ones would suffice (and be cheaper in both CAPEX and OPEX)

Just my .02c as I sit here snowed-in in Arkansas of all places :-) Who would think I'd fly from Toronto to Little Rock and end up stuck in more snow than I left!

Pete

> Prof. Tom Lisa, CCAI
> Community College of Southern Nevada
> Cisco ATC/Regional Networking Academy
> Cunctando restituit rem
>
> Peter van Oene wrote:
>
> > At 11:05 AM 2/25/2003 +, Skarphedinsson Arni V. wrote:
> >
> > > In a Core-Distribution-Access Layer design, would you keep the Core L2 or with high end L2/L3 switches such as the Cat6500 do you think it would be better to do L3 in the core ?
> >
> > I personally haven't found the need to have a Distribution layer in most networks. It's a model designed by vendors to sell boxes imho.
> >
> > Pete [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63816t=63708
Re: Layer3 Routers VS Switches [7:63072]
At 12:22 PM 2/15/2003 +, Juntao wrote:

> indeed with L3 switching, we can more closely arrive at wire speed, but in the course of my practice, i've seen L3 switches mainly interconnecting Lan's, yes a flexwan module exists to interconnect wan's on the same box but usually we like to separate the lan's from wans for the sake of isolation and greater security implementation options.

Routers have delivered OC-192 wire speed routing for a few years now. I personally don't know what an L3 switch is technically. It reminds me of the L2 switch. Just another bit of marketing.

> i hope the above helps
>
> Larry Letterman wrote in message news: [EMAIL PROTECTED]
>
> > L3 is usually considered to be wire speed and uses faster asics... Routers such as 7200/7500 use older slower hardware to route...
> >
> > Larry Letterman
> > Network Engineer
> > Cisco Systems
> >
> > - Original Message -
> > From: Nanda
> > To:
> > Sent: Friday, February 14, 2003 4:46 PM
> > Subject: Layer3 Routers VS Switches [7:63072]
> >
> > Hi Guys... We have Layer3 Switches and routers...In what scenario one would ideally use Layer3 switches over routers.. Do They have any significant advantage over using routers Why do they have layer3 switches when we have routers are good enough to do the job... I am confused...I wud appreciate if someone cud clarify. Thanks in Advance
> > __
> > With Warm Regards...
> > Nanda [EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=63108t=63072
Re: Myers Briggs Re: OT: New Instructor Experiences [7:62826]
> There's more about the Myers Briggs personality sorter here: http://keirsey.com/ Anyone else want to share what they are, or have we wasted enough bandwidth on this already? :-)
>
> Priscilla

> First, you're correct about the mix of learning styles in my class. This is just a three-hour overview of networking and TCP/IP, and it is a little difficult to convey the necessary information without a portion of the class getting lost or falling asleep. :-) I've heard good things about the class yesterday that I thought went so poorly so perhaps I was overreacting. As for Myers Briggs, I'm a fellow INTJ. However, I really dislike their testing process. It seems to consist of Given a certain situation would you do A or would you do B with no room for a 'maybe' answer. At least a third of the time I wish there were a sometimes A and sometimes B answer. Perhaps that means I'm an INTJ with definite ISTJ leanings?
>
> John

ENTP here :)

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62960t=62826
Re: BGP config question. [7:62860]
At 01:36 PM 2/12/2003 +, Peter Walker wrote:

> Folks
>
> A quick question on external BGP connection configuration. Given an organisation (ORG) with 2 EBGP routers (up1, up2) and two upstream providers (pr1, and pr2) where provider pr1 is currently linked to the router up1 via a serial link and provider pr2 is currently linked to router up2 via a traffic shaped and limited ethernet link. ORG does not allow transit between the providers. Is there any reason why ORG should not
>
> a) connect pr1 to the same ethernet segment
> b) form bgp neighbor relationship with BGP peer at provider pr2
> c) advertise appropriate MED values requesting that pr2 prefer up2
> d) set local preference to prefer link via up2 to pr2 over up1 to pr2

I'm not sure if you are messing up your prs and ups here, but I'm not following you entirely. Why would you not just peer both routers and use prepend/med and pref to control load like most folks do? Maybe explaining what is better or different about this approach would help explain what the approach is :)

Pete

> What I am looking for is technical (or business/political) reasons why this is a good or bad idea. I understand that all this would give is redundancy at the router level (up1, up2), the ethernet link and pr2's router are all still potential single points of failure. I also understand that pr2 may not wish to allow such a configuration. Also, what would need to be done to ensure that any changes made would not have any impact on decisions regarding the routing choice between pr1 and pr2?
>
> Regards
> Peter

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62864t=62860
Re: BGP config question. [7:62860]
At 03:59 PM 2/12/2003 +, Peter Walker wrote:

> Yep you are right. Let's try that again ...
>
> a) connect up1 to the same ethernet segment
> b) form bgp neighbor relationship with BGP peer at provider pr2
> c) advertise appropriate MED values requesting that pr2 prefer up2
> d) set local preference to prefer link via up2 to pr2 over up1 to pr2
>
> In terms of what I am asking is, are there any issues with having two 'redundant' bgp links from two different routers in one AS over a single multi-access link to a single router in another AS.

So basically you have two routers and both r1 and r2 connect to the same router on the provider side while r1 also maintains a connection to another router on the provider side. In this case, you don't really buy yourself much other than router redundancy on your side. The cost is purely in control traffic that will transit the ethernet link. BGP isn't that chatty unless peering sessions are flapping (which would be abnormal) so this shouldn't be a big problem. Only other cost would be additional config complexity which might impede troubleshooting. Beyond that, things should work fine as long as the provider agrees to set it up.

Pete

> It seems to me that this would be a simple no-brainer type of change to make, but I just have a nagging suspicion that there is some gotcha waiting to jump out when you least expect it. None of the sample configurations I have seen seem to mention this sort of config and I was wondering if there was some reason why it shouldn't be done, or if it was just one of those obscure variations of common configurations that did not warrant its own explicit mention.
>
> Peter
>
> --On 12 February 2003 14:27 + Peter van Oene wrote:
>
> > At 01:36 PM 2/12/2003 +, Peter Walker wrote:
> >
> > > Folks
> > >
> > > A quick question on external BGP connection configuration. Given an organisation (ORG) with 2 EBGP routers (up1, up2) and two upstream providers (pr1, and pr2) where provider pr1 is currently linked to the router up1 via a serial link and provider pr2 is currently linked to router up2 via a traffic shaped and limited ethernet link. ORG does not allow transit between the providers. Is there any reason why ORG should not
> > >
> > > a) connect pr1 to the same ethernet segment
> > > b) form bgp neighbor relationship with BGP peer at provider pr2
> > > c) advertise appropriate MED values requesting that pr2 prefer up2
> > > d) set local preference to prefer link via up2 to pr2 over up1 to pr2
> >
> > I'm not sure if you are messing up your prs and ups here, but I'm not following you entirely. Why would you not just peer both routers and use prepend/med and pref to control load like most folks do? Maybe explaining what is better or different about this approach would help explain what the approach is :)
> >
> > Pete
> >
> > > What I am looking for is technical (or business/political) reasons why this is a good or bad idea. I understand that all this would give is redundancy at the router level (up1, up2), the ethernet link and pr2's router are all still potential single points of failure. I also understand that pr2 may not wish to allow such a configuration. Also, what would need to be done to ensure that any changes made would not have any impact on decisions regarding the routing choice between pr1 and pr2?
> > >
> > > Regards
> > > Peter

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62878t=62860
Re: Catalyst 6500 vs 7200 VXR [7:62892]
At 06:37 PM 2/12/2003 +, Brett Johnson wrote:

> What benefits can a Catalyst 6500 switch provide that a 7200 router cannot? Are the FLEXWAN modules a reliable product or is it better to separate your WAN traffic devices from your LAN devices? What about the performance of the FLEXWAN modules? I am just trying to understand if money is no object why would someone buy a 7200 router over a Catalyst 6500 with FLEXWAN modules. Thank you, sorry if this is too vague.

I personally would recommend separating L2 switching from routing myself. Purpose built platforms tend to have optimal cost efficiencies and stable software. Nice, fast, cheap L2 switching to the desktop tapped into a decent routed backbone sounds ideal to me. Small broadcast domains are quite helpful as well, unless you are a big fan of Sapping Tree.

> Brett

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62906t=62892
RE: Simple Ip issue (need help) [7:62728]
At 06:18 PM 2/10/2003 +, Priscilla Oppenheimer wrote:

> You can't have duplicate IP addresses anywhere. They have to be unique. The only exceptions would be if you were doing some sort of NAT or tunneling or something and the duplicates were hidden from each other.
>
> You don't get an error when you try to configure it because it's a lot harder for IOS to detect this on a serial interface than on an Ethernet interface. On Ethernet, a Cisco router ARPs for the address you give it. If it receives a reply, then it gives you an error and won't let you use the address. There's no ARP in serial land. You think you're pinging successfully, but how do you know who is really replying?
>
> Even if you could assign duplicate IP addresses, you shouldn't. You would wreak havoc with all sorts of things. There's no reason to do it either. If you're concerned with running out of addresses, just use private address. The 10.0.0.0 network has 16 million possibilities.

For what it's worth, duplicating the same IP across a set of DNS servers in the same AS can provide an interesting spin on resiliency. So long as you configure unique IP's for normal communication. This sort of thing works good for protocols that are stateless (UDP DNS). Anycast-RP in PIM networks also uses the same IP on multiple boxes :-)

> Someone had to get blunt here! :-)

Someone had to split some hair !

> ___
> Priscilla Oppenheimer
> www.troubleshootingnetworks.com
> www.priscilla.com
>
> Ladrach, Daniel E. wrote:
>
> > If you ping you are probably pinging the Local IP. Try debug ip icmp to verify what you are pinging.
> >
> > Daniel Ladrach CCNP, CCNA WorldCom
> >
> > -Original Message-
> > From: Monu Sekhon [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, February 10, 2003 12:03 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: Simple Ip issue (need help) [7:62728]
> >
> > Hi All, Thanx again for all for contribution confusion still there , I am pinging remote side and I am able to. any comments from all (still confused with answers)
> >
> > Walker, James - Is wrote:
> >
> > Only problem is which side are you pinging
> >
> > -Original Message-
> > From: John Murphy [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, February 10, 2003 11:15 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Simple Ip issue (need help) [7:62728]
> >
> > If you're asking what I think you're asking, then I think your answer is yes, but you won't be able to pass any traffic across the circuit. Unless you've confused me (it doesn't seem I would be the only one), then the answer might not be the same.
> >
> > - Original Message -
> > From: Monu Sekhon
> > To:
> > Sent: Monday, February 10, 2003 12:13 AM
> > Subject: Simple Ip issue (need help) [7:62728]
> >
> > Hi All, I have very simple question, Can we use duplicate ips on serial interfaces among themselves although we cannot use duplicate ip on serial with Ethernet (lan interface) or loopback interface. My topology is like this
> >
> > Client router server router (connected back to back) 2 interfaces 2 interfaces these routers connected back to back
> >
> > configuration
> >
> > int serial 0/0
> >  encap hdlc
> >  ip address 1.1.1.1 255.255.255.0
> > int serial 0/1
> >  ip address 1.1.1.1 255.255.255.0
> >  encap hdlc
> >
> > now if all the two interfaces of serial even if given duplicate ip among themselves works fine. no error from cli. interfaces are up and i am able to ping remote side. The ques is that
> >
> > 1) Lan interface also was in different subnet but serial interface does not accept that ips as duplicate or of loopback
> > 2) What Implication such have on my design, any limitation it has. Does this type of design can be used,
> >
> > This is small thing is confusing me about ip. Thanx in advance

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62780t=62728
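The message above explains that IOS only catches a duplicate address where ARP can probe for it, so the two serial interfaces in the original post accept 1.1.1.1 twice without an error. The following is an added example, not code from anyone in this thread: an offline check that parses a `show running-config`-style file and reports duplicate or overlapping interface addresses. The function names and the sample config (the thread's two serial interfaces plus constructed Ethernet, Serial0/2 and Loopback entries) are assumptions, as is the standard layout where sub-commands are indented under each interface.

```python
"""Audit an IOS-style config for duplicate or overlapping interface addresses.

Added example. parse_interfaces() and find_conflicts() are hypothetical names,
and SAMPLE_CONFIG is constructed for illustration.
"""
import ipaddress
import re
from itertools import combinations

# Constructed sample: Serial0/0 and Serial0/1 mirror the configuration quoted
# in the thread; the other interfaces are invented for contrast.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 ip address 10.1.1.1 255.255.255.0
!
interface Serial0/0
 encapsulation hdlc
 ip address 1.1.1.1 255.255.255.0
!
interface Serial0/1
 ip address 1.1.1.1 255.255.255.0
 encapsulation hdlc
!
interface Serial0/2
 ip address 1.1.1.130 255.255.255.128
!
interface Loopback0
 ip address 10.255.0.1 255.255.255.255
"""

_IFACE = re.compile(r"^int(?:erface)?\s+(\S.*?)\s*$", re.IGNORECASE)
_ADDR = re.compile(
    r"^\s+ip address\s+(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})(?:\s+secondary)?\s*$",
    re.IGNORECASE,
)


def parse_interfaces(config):
    """Return [(interface_name, IPv4Interface), ...] in config order."""
    found, current = [], None
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if not line[0].isspace():
            # Top-level command: either opens an interface block or ends one.
            match = _IFACE.match(line)
            current = match.group(1).replace(" ", "") if match else None
            continue
        match = _ADDR.match(line)
        if match and current:
            addr, mask = match.groups()
            found.append((current, ipaddress.IPv4Interface(f"{addr}/{mask}")))
    return found


def find_conflicts(interfaces):
    """Compare every pair of addresses; return (kind, if_a, if_b, detail) tuples."""
    findings = []
    for (name_a, if_a), (name_b, if_b) in combinations(interfaces, 2):
        if if_a.ip == if_b.ip:
            # Same host address twice: the case IOS accepted on the serial links.
            findings.append(("duplicate-address", name_a, name_b, str(if_a.ip)))
        elif if_a.network.overlaps(if_b.network):
            # Different hosts, but one subnet contains (or equals) the other.
            detail = f"{if_a.network} / {if_b.network}"
            findings.append(("overlapping-subnet", name_a, name_b, detail))
    return findings


if __name__ == "__main__":
    for kind, a, b, detail in find_conflicts(parse_interfaces(SAMPLE_CONFIG)):
        print(f"{kind}: {a} <-> {b} ({detail})")
```

Run against a saved configuration, this flags the condition before deployment, which the router itself will not do on interfaces without ARP.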
RE: Simple Ip issue (need help) [7:62728]
At 01:20 AM 2/11/2003 +, Priscilla Oppenheimer wrote: No problem with the splitting of hairs. :-) I have been wondering why Cisco lets you do what the original poster is doing, which most of us misunderstood. He is using the same IP address on 2 serial interfaces on the SAME router. Sonet APS comes to mind? I usually use a /29 with 4 addresses, but you could use the same address. If you try to use the same IP address on two Ethernet interfaces, you just get an error when you try to configure the second Ethernet interface. I can't think of a practical use for this myself. With two serial interfaces, you don't get an error. Is this just an oversight? There are many such oversights in Cisco IOS. :-) Or maybe there is a real reason to do it. The more I think about it (over the last two paragraphs of your msg) the more APS seems the likely candidate. If you couldn't, this would be restrictive in some cases. Of course I'm thinking APS capable interfaces. I said in my original message that there's no ARP on serial interfaces so the router can't easily figure out if anyone else is using its address like it does on Ethernet. On Ethernet the router can send an ARP to see if someone else replies. But that's someone else on the LAN connected to the interface, not another interface on the same router. So, if it gives you an error on Ethernet when you use an address you have already used on another Ethernet interface, why doesn't it give you an error for serial interfaces? Maybe there's an actual technical reason, although probably it's just an oversight. By the way, it lets you configure an Ethernet interface to use an address already in use on a serial interface, but if you try to do it in the other order then you get an error. That's probably just another oversight. Would agree here. Might be something to do with internal mechanisms to map macs to IPs. Ie, if an interface is added, check the mac/ip binding list for duplicates and error if there is one. 
Such a mechanism wouldn't be relevant in SONET and for the APS reasoning, it may be expected that some interfaces share the same address. Cisco has always given you enough rope to hang yourself. Decent error messages have never been any more important than ease-of-use. :-) Priscilla Peter van Oene wrote: At 06:18 PM 2/10/2003 +, Priscilla Oppenheimer wrote: You can't have duplicate IP addresses anywhere. They have to be unique. The only exceptions would be if you were doing some sort of NAT or tunneling or something and the duplicates were hidden from each other. You don't get an error when you try to configure it because it's a lot harder for IOS to detect this on a serial interface than on an Ethernet interface. On Ethernet, a Cisco router ARPs for the address you give it. If it receives a reply, then it gives you an error and won't let you use the address. There's no ARP in serial land. You think you're pinging successfully, but how do you know who is really replying? Even if you could assign duplicate IP addresses, you shouldn't. You would wreak havoc with all sorts of things. There's no reason to do it either. If you're concerned with running out of addresses, just use private address. The 10.0.0.0 network has 16 million possibilities. For what it's worth, duplicating the same IP across a set of DNS servers in the same AS can provide an interesting spin on resiliency. So long as you configure unique IP's for normal communication. This sort of thing works good for protocols that are stateless (UDP DNS) Anycast-RP in PIM networks also uses the same IP on multiple boxes :-) Someone had to get blunt here! :-) Someone had to split some hair ! ___ Priscilla Oppenheimer www.troubleshootingnetworks.com www.priscilla.com Ladrach, Daniel E. wrote: If you ping you are probably pinging the Local IP.Try debug ip icmp to verify what you are pinging. 
Daniel Ladrach CCNP, CCNA WorldCom -Original Message- From: Monu Sekhon [mailto:[EMAIL PROTECTED]] Sent: Monday, February 10, 2003 12:03 PM To: [EMAIL PROTECTED] Subject: RE: Simple Ip issue (need help) [7:62728] Hi All, Thanx again for all for contribution confusion still there , I am pinging remote side and I am able too. any comments from all(still confused with answers) Walker, James - Is wrote: Only problem is which side are you pinging -Original Message- From: John Murphy [mailto:[EMAIL PROTECTED]] Sent: Monday, February 10, 2003 11:15 AM To: [EMAIL PROTECTED] Subject: Re: Simple Ip issue (need help) [7:62728] If you're asking what I think you're asking, then I think your answer is yes, but you won't be able to pass any traffic across
Re: BGP exam study recommendations [7:62784]
At 11:40 PM 2/10/2003 +, Peter Walker wrote:

Folks

I am wondering if anyone has any recommendations for BGP study. I am booked in for the BGP beta exam on Friday and still don't feel comfortable with my level of BGP knowledge. I have read the following over the last few months

Halabi - Internet Routing Architectures.
Doyle Vol 2 (BGP sections)
John Stewart III (BGP4 book)
William Parkhurst (The RFC stuff at the back and some of the command reference)

I am going to go back and reread some of Halabi, all of the Parkhurst command reference chapters and probably some of the RFCs. Does anyone have any additional 'must-read' references that I should look at before Friday? I realise that I have all the basic info that I need and, to be honest, feel that I could pass the test already. However I am one of those people that want to understand things at the gut/instinct level and I really don't feel that I am at that point yet.

If you read all this stuff and still don't understand BGP the way you would like to, more books likely aren't what you need. I would focus more on hands on work. Many folks learn better by doing than reading (me for one :). If you are a Certificationzone subscriber, Howard Berkowitz has a three tutorial set on BGP that come with some labs to help illustrate points which might help. But I'm sure just working through some configs on a lab while following along with your reading material might be the best bet.

Pete

Any other suggestions?

Peter Walker CISSP, CSS1, CC[NID]P, etc

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62788t=62784
-- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Distribute-list out in ISIS - NOT working!!....Why?? [7:62643]
At 03:46 PM 2/7/2003 +, Cisco Nuts wrote:

Hello, I am trying to use a distribute-list out serial 1 in isis... basically blocking an Ospf route from being leaked into the Isis domain. It lets me type in the commands but when I do a show run, the commands are not there!! Why?? On the neighboring isis router, I do not even get an option to set the distribute-list in?? Now I know, in Ospf the distribute-list out does not work but did not know about this in Isis? Can anyone shed light on this? I had to use a redistribute connected with a route-map option. Here is my config:

R3-B(config)#router isis

You can't filter individual networks on an interface basis in a link state protocol. You can only filter them as they are generated, or more specifically identified for population in LSA/LSPs. Once in the LSA/LSP, they flood naturally.

R3-B(config-router)#distribute-list 51 out serial 1
R3-B(config-router)#end
R3-B#rbr
router isis
 redistribute connected metric 3 route-map serial level-1
 redistribute rip metric 3 level-1
 net 00...0003.00
 is-type level-1

Thank you. Sincerely, CN

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62643t=62643
OT: Reminder about Out of Office Messages [7:62645]
When you leave work for a while, can you please try and make sure that your out of office assistant doesn't respond to mailing lists :) This generates a lot of superfluous mail. Thanks and sorry for the OT post.

Pete

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62645t=62645
Re: question(routing) [7:62490]
At 08:02 AM 2/5/2003 +, kaushalender wrote:

Hello group, Kindly resolve my confusion. I have cisco 2610 router. We r running static routing with our service provider. Now what is happening that suddenly my http request stopped going out means there was no browsing on lan and customer I was able to telnet every website on port 80 that means i able to reach website till application layer from my pc. Now how can i find out what is killing my http request in my network. and my service provider is saying that from my side huge amount of routing loops is coming but i have put whole announced network on ethernet. This is the conf. Plz help me

If you had routing loops, everything would be broken, not just http. Try traceroutes from a site like route-views.oregon-ix.net into your network and likewise outbound to prove out your routing config. Beyond that, look at things that are impacting performance and layer 4 and above. Also, ask your ISP to clarify what they mean by loops. Given you run statically to them, I'm not sure what they mean.

sh run
Building configuration...
Current configuration : 4962 bytes
!
version 12.2
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname Rainbow
!
logging buffered 1 debugging
no logging console
aaa new-model
aaa authentication login default local group radius
aaa authorization exec default local group radius
enable secret 5 $1$WyvH$D/U2xWxcDfbROyR7PtGXS1
enable password 7 000D0016457B525F56
!
username rainbow password 7 095E4F0017071805
clock timezone GMT 5
clock summer-time GMT recurring
ip subnet-zero
no ip source-route
ip wccp version 1
ip flow-cache timeout inactive 300
ip flow-cache timeout active 1
ip cef
!
!
ip name-server 202.78.168.6
ip name-server 202.78.168.14
ip name-server 202.54.15.1
!
!
class-map match-any http-hacks
 match protocol http url *.ida*
 match protocol http url *cmd.exe*
 match protocol http url *root.exe*
 match protocol http url *readme.eml*
!
!
policy-map mark-inbound-http-hacks
 class http-hacks
  set ip dscp 1
!
!
interface Ethernet0/0
 ip address 202.78.164.3 255.255.252.0 secondary
 ip address 202.54.194.65 255.255.255.224 secondary
 ip address 202.78.168.26 255.255.248.0
 ip access-group 115 in
 ip access-group 115 out
 no ip proxy-arp
 rate-limit input access-group 121 48000 52000 52000 conform-action transmit exceed-action drop
 rate-limit input access-group 122 32000 32000 32000 conform-action transmit exceed-action drop
 rate-limit output access-group 110 64000 64000 64000 conform-action transmit exceed-action drop
 rate-limit output access-group 121 296000 30 30 conform-action transmit exceed-action drop
 rate-limit output access-group 122 32000 32000 32000 conform-action transmit exceed-action drop
 no ip mroute-cache
 full-duplex
 service-policy input mark-inbound-http-hacks
 service-policy output mark-inbound-http-hacks
 no cdp enable
interface Serial0/0
 bandwidth 512
 no ip address
 no ip mroute-cache
 shutdown
 no fair-queue
!
interface Serial0/1
 bandwidth 512
 no ip address
 no ip route-cache
 no ip mroute-cache
 shutdown
!
interface Serial0/2
 no ip address
 shutdown
!
interface Serial0/3
 description OASIS LINK
 ip address 216.252.243.5 255.255.255.252
 ip access-group 107 in
 ip access-group 107 out
 rate-limit input 64000 128000 128000 conform-action transmit exceed-action drop
 rate-limit output 64000 128000 128000 conform-action transmit exceed-action drop
 encapsulation ppp
!
interface Serial1/0
 description Shapura Link
 ip address 216.252.243.1 255.255.255.252
 ip access-group 107 in
 ip access-group 107 out
 rate-limit input 32000 32768 32768 conform-action transmit exceed-action drop
interface Serial1/1
 description DOIT LINK
 bandwidth 128
 ip address 216.252.243.17 255.255.255.252
 rate-limit input 32000 65536 65536 conform-action transmit exceed-action drop
 rate-limit output 32000 65536 65536 conform-action transmit exceed-action drop
 encapsulation ppp
 service-policy input mark-inbound-http-hacks
 service-policy output mark-inbound-http-hacks
!
interface Serial1/2
 no ip address
 shutdown
!
interface Serial1/3
 description vsnl link
 ip address 202.54.192.66 255.255.255.252
 ip access-group 115 in
 ip access-group 115 out
 encapsulation ppp
 service-policy input mark-inbound-http-hacks
 service-policy output mark-inbound-http-hacks
!
ip flow-export source Ethernet0/0
ip flow-export version 5 peer-as
ip flow-export destination 202.78.168.2 2055
ip classless
ip route 0.0.0.0 0.0.0.0 202.54.192.65
ip route 202.78.160.0 255.255.252.0 203.129.200.193
ip route 202.78.167.0 255.255.255.240 202.78.164.2
ip
Re: 7500 Router CPU rocketing to 90% [7:62530]
At 07:18 PM 2/5/2003 +, Mohsin Hussain wrote:

We have 2 7500 routers with CIPs installed. Recently the router started to have its CPU shooting up to 90%. When show process cpu is run, it does not show what process is causing this because none of the processes are or add up to 80 or 90%. Only two processes: IP input at 10% and cls background at 14%. The rest of the processes are at 0 or 0.1%.

I would call the TAC on this.

Are there hidden processes that could be cause of the high cpu utilization? If so how can it be seen (i.e. any show commands)?

Thanks, Mohsin

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=62535t=62530
Re: Wrong definition type 4 summary LSA for ASBRs [7:61615]
The AS external ASBR summary link- This LSA is sent to a router that connects to the outside world (ASBR). It is sent from the Area Border Router to the Autonomous System Boundary Router. The LSA contains the metric cost from the ABR to the ASBR. This is identified as a Type 4 LSA.

In my opinion this is wrong, isn't it? Or maybe I'm missing something?

The problem is, it is quite easy to get a contract for book writing these days. Furthermore, many publishers (not picking on any one in particular) are bringing books to market before a proper editing (technical/copy/etc) process has been completed. Hence, I highly recommend you buy books that are either highly recommended, or written by authors who are either authoritative on the subject (ie participated in the spec development) or those that have a reputation for writing quality materials. There is unfortunately a fair amount of not very top notch books out there.

Pete

My understanding is that a type 4 summary LSA is originated by ABRs. It is sent into an area by the ABR to advertise the AS boundary routers. Could someone confirm my understanding?

Eric Brouwers

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61847t=61615
Re: OSPF to Internet Q [7:61823]
Why not just push default into your OSPF network from a router(s) with a direct link to your firewall. Then your firewall simply points default to the BGP speaking router (or uses vrrp or some igp for resilient routing in the case of multiple routers) Running BGP through your firewall, or redistributing from BGP to OSPF or vice versa don't sound like great ideas to me.

I am likewise somewhat confused by the question however :-) You might be better off presenting the topology and asking for routing protocol recommendations.

Pete

At 06:29 PM 1/25/2003 +, Steve Ringley wrote:

That is why I am asking the question - it is unclear! Let me try it this way: If we take the textbook Internet setup, we would have an outside router - BGP firewall inside router - OSPF ASBR to BGP core router - OSPF backbone On the inside router, would I create an ASBR with area 0 defines on the inside to core connection or Would I create a new OSPF area to define the connection between the inside router and the core router? There are several of these types of connections in the larger network, and there is an expectation that if one of these goes down the OSPF and BGP will figure it out and shift traffic to the working connections.

Priscilla Oppenheimer wrote in message news:[EMAIL PROTECTED]...

I'm afraid your question isn't clear. By definition, an ASBR connects two unlike networks, one that is running OSPF and one that isn't. So, the ASBR will connect to the Internet in your example.

Steve Ringley wrote:

I have an OSPF network, and I have my Internet connections. Do I: ASBR where traffic goes from area 0 to the Internet

Is that where your Internet connection is? In area 0? Often, it is, and that's where your ASBR will be.

or ASBR where traffic goes to an area x then to the Internet?

Goes from where to an Area x and then to the Internet?? This is where your question gets unclear. But if you are considering putting an ASBR between Area x and Area 0, then that doesn't make sense. It's not an ASBR because it's connecting two OSPF networks. If your Internet connection is in Area X, you will have an ASBR that connects the OSPF world to the Internet, sitting on the edge of Area X. Are you asking if the ASBR should be in Area 0? I think the answer is yes, if it can, but sometimes that's simply not possible on large internetworks with multiple egress points. If I completely missed what you're getting at, sorry!

Priscilla

This was never clear to me from my reading.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=61862t=61823
Re: CCIE written RS [7:60606]
At 02:57 PM 1/8/2003 +, you wrote:

Hi to all, I wanted to know if there are any type in questions(type the command in) on the CCIE written, for RS.

Answering that would violate the NDA in my opinion. If there are, you'll certainly be prepared on your second attempt should they cause you not to pass the first :-)

Thanks Kash

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60702t=60606
Re: OSPF state [7:60572]
Routers on a multi-access segment where a DR and BDR exist may be neighbors, but not form an adjacency. All the non DR/BDR routers will not become adjacent with one another, however they will still be neighbors. I think you knew this already though :)

OK. kinda like in my neighborhood where all of us live on the same block, but most of us don't talk to each other? ;-

Are you sure it's not just you they don't talk to? It could be that you haven't come out of your house after hours in 2 years as you chase your number :-)

Pete

JMcL

The Long and Winding Road wrote:

John Brandis wrote in message news:[EMAIL PROTECTED]...

Hi All, can you tell I am having fun with OSPF ?? Any way, I am playing with OSPF on different network types. I wish to see if i have a full adjacency or if I have only achieved a neighbor state on certain types of networks. Where, can I find what state I am currently in, and what router is the DR/BDR. At moment, I am on point-point link and I am expecting not to see any election of DR/BDR.

show ip ospf neighbor
show ip ospf neighbor detail

can add ip addresses in there to see just a single neighbor. I'm a bit confused, though, by what you mean when you say neighbor state versus adjacency If you don't have adjacency, you don't have anything. ( don't got adjacency, you don't got s**t, as they say in the hood )

Thanks all. jb

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60703t=60572
Re: OSPF state [7:60572]
At 06:24 PM 1/8/2003 +, The Long and Winding Road wrote:

Jenny McLeod wrote in message news:[EMAIL PROTECTED]...

As well as show ip ospf neighbour suggested below, show ip ospf int is worth looking at. TLaWR, I think you've had a brain fade. Routers can be neighbours but not adjacent. But you knew that?

Is this one of those tree falling in the forest questions? I personally don't consider that two OSPF routers can have a neighbor relationship without being adjacent. Call me one of those retentive types. I am always willing to learn. So how would two OSPF routers be neighbors if they are not adjacent? I appreciate they can be on the same link, just like my own neighbors live on the same street. That doesn't mean there is a relationship.

Routers on a multi-access segment where a DR and BDR exist may be neighbors, but not form an adjacency. All the non DR/BDR routers will not become adjacent with one another, however they will still be neighbors. I think you knew this already though :)

Pete

JMcL

The Long and Winding Road wrote:

John Brandis wrote in message news:[EMAIL PROTECTED]...

Hi All, can you tell I am having fun with OSPF ?? Any way, I am playing with OSPF on different network types. I wish to see if i have a full adjacency or if I have only achieved a neighbor state on certain types of networks. Where, can I find what state I am currently in, and what router is the DR/BDR. At moment, I am on point-point link and I am expecting not to see any election of DR/BDR.

show ip ospf neighbor
show ip ospf neighbor detail

can add ip addresses in there to see just a single neighbor. I'm a bit confused, though, by what you mean when you say neighbor state versus adjacency If you don't have adjacency, you don't have anything. ( don't got adjacency, you don't got s**t, as they say in the hood )

Thanks all. jb

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60629t=60572
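The neighbor-versus-adjacency distinction debated in the two messages above can be worked through in code. This is an added example, not part of the thread: it assumes all routers on the segment start together (real OSPF does not preempt an existing DR), and the router IDs and priorities are constructed sample values.

```python
# Added example: expected OSPF neighbor states on one segment.
# Simplification: all routers come up together, so the highest
# (priority, router ID) becomes DR and the next one BDR.
from ipaddress import IPv4Address
from itertools import combinations


def elect(routers):
    """routers maps router ID -> interface priority. Returns (dr, bdr)."""
    eligible = sorted(
        (rid for rid, prio in routers.items() if prio > 0),  # priority 0 never DR/BDR
        key=lambda rid: (routers[rid], IPv4Address(rid)),
        reverse=True,
    )
    dr = eligible[0] if eligible else None
    bdr = eligible[1] if len(eligible) > 1 else None
    return dr, bdr


def expected_states(routers, network_type="broadcast"):
    """Return (dr, bdr, {(a, b): state}) for every pair of routers.

    On a point-to-point link there is no election and the pair goes FULL.
    On a multi-access segment a pair goes FULL only if one side is the DR
    or BDR; two DROTHERs stay neighbors in 2WAY.
    """
    if network_type == "point-to-point":
        dr = bdr = None
    else:
        dr, bdr = elect(routers)
    states = {}
    for a, b in combinations(sorted(routers, key=IPv4Address), 2):
        if network_type == "point-to-point" or {a, b} & {dr, bdr}:
            states[(a, b)] = "FULL"
        else:
            states[(a, b)] = "2WAY"
    return dr, bdr, states


# Constructed sample segment: five routers on one Ethernet.
SEGMENT = {
    "10.0.0.1": 1,
    "10.0.0.2": 1,
    "10.0.0.3": 100,
    "10.0.0.4": 0,
    "10.0.0.5": 1,
}

if __name__ == "__main__":
    dr, bdr, states = expected_states(SEGMENT)
    print("DR", dr, "BDR", bdr)
    for pair, state in states.items():
        print(pair, state)
```

On IOS the 2WAY pairs are the ones `show ip ospf neighbor` lists as 2WAY/DROTHER.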
Re: 6500 IOS / CatOS [7:60499]
At 02:21 PM 1/7/2003 +, Jay Greenberg wrote:

What would be better suited to a large ISP's Gigabit Backbone? 6500 SUP2/MSFC2/PFC2 with CatOS or IOS? Is it just about personal preference or are there stability / usability issues?

I'm not aware of any large ISPs who use 6500's as core routers.

Thanks, Jay Greenberg

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60506t=60499
Re: CCIE Vs. BS or MS degree [7:59481]
A BTW, I do consider this a fundamentally silly discussion, but I think it's somewhat relevant for newbies to know that neither the cert nor the degree is the ultimate answer.

If you have a BS degree, CCIE will add more benefits than MS for you.

Sure, if you want to plug routers in for a living.

OK. I'll provide the straight line. What IS the ultimate answer? You know, to Life? The Universe? And Everything?!? ;-

Forty-Two. But what was the question again?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60547t=59481
Re: CCIE Vs. BS or MS degree [7:59481]
I would just like to reiterate that the graduate degree (master's or PhD) provides you a whole lot more flexibility than the CCIE ever can. With a graduate degree, you can branch out far and beyond network engineering.

That this thread subsists continues to amaze me. The CCIE, challenging though it may be, is just a vendor test.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60064t=59481
Re: virtual link and nssa [7:59174]
On Fri, 2002-12-13 at 05:59, Sara Li wrote:

Dear all, I am doing the cyscoexpert sample lab.

R1--area12--R2---Area51---R5---Area0

area 12 can't receive lsa type 5 routes, so it needs to be either a nssa or stub, however, there is virtual link between r2 and r5, can r2 be configured with stub or nssa at the same time with virtual link to r5? i thought i read it somewhere stub can't be virtual link? Pls help.

Virtual Links must not use stub areas for transit due to the fact that the virtual link does not provide for type 5 flooding, and therefore expects the transit area to provide these LSAs. An NSSA area is a stub area.

Pete

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59174t=59174
RE: virtual link and nssa [7:59174]
On Fri, 2002-12-13 at 09:25, Casey, Paul (6822) wrote:

Use a GRE tunnel to create a virtual link through a NSSA, it's the only way...

With a tunnel, you will obviate the need for the VL in the first place.

Check cisco web site for this...!!!

-Original Message-
From: Peter van Oene [SMTP:[EMAIL PROTECTED]]
Sent: 13 December 2002 14:08
To: [EMAIL PROTECTED]
Subject: Re: virtual link and nssa [7:59174]

On Fri, 2002-12-13 at 05:59, Sara Li wrote:

Dear all, I am doing the cyscoexpert sample lab.

R1--area12--R2---Area51---R5---Area0

area 12 can't receive lsa type 5 routes, so it needs to be either a nssa or stub, however, there is virtual link between r2 and r5, can r2 be configured with stub or nssa at the same time with virtual link to r5? i thought i read it somewhere stub can't be virtual link? Pls help.

Virtual Links must not use stub areas for transit due to the fact that the virtual link does not provide for type 5 flooding, and therefore expects the transit area to provide these LSAs. An NSSA area is a stub area.

Pete

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59176t=59174
Re: OT low cost DS3 router [7:58916]
At 07:47 PM 12/10/2002 +, jeff sicuranza wrote:

Fellas, this request just came in from a buddy of mine, I figured while I search I was wondering if any of you have seen or used one before. Take off your Cisco hat for second and think about this: What device would you use to terminate a DS3 to ethernet that is ultra low cost. I need to find a low cost, carrier type CPE that will take a DS3 and hand off ethernet. Low cost, low feature is the guiding word.

Last I checked, most carriers buy Cisco here.

Let me know Thanks... /JS

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58936t=58916
Re: Can I configure BGP neighbor using HSRP VIP ip address of [7:58938]
At 07:15 PM 12/10/2002 +, Kim Seng wrote:

        r1
        |
        |
   -----------
   |         |
   |         |
   r2        r3

In the above configuration, r2 and r3 are configured with HSRP. I need to configure iBGP between r1, r2 and R3. Can I configure neighbor from r1 to r2 and r3 using the HSRP virtual ip address? or I need to use r2, r3 real ip address or using peer-group?

BGP runs on TCP and you won't find stateful TCP failover as part of the HSRP spec. Hence, this won't work, nor do you really want it to. For policy reasons, peer with both upstreams and you'll have more control.

Thanks. Kim.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58938t=58938
Re: Loopback and OSPF [7:58890]
At 04:00 PM 12/10/2002 +, Christopher Dumais wrote:

Can you use Loopback interfaces to pass OSPF traffic? Here is my example:

The below routers will never form an OSPF adjacency. loopback addresses are virtual as you likely know, and inherently stub networks (ie they cannot be used for transit as the medium they represent holds only one device)

Pete

Router A
Interface loopback0
 ip address 10.10.10.10 255.255.255.0
Interface Vlan 2
 ip address 2.2.2.2 255.255.255.0
Router ospf 1
 network 0.0.0.0 255.255.255.255 area 0

Router B
Interface loopback 0
 ip address 10.10.10.11 255.255.255.0
Interface Vlan 3
 ip address 3.3.3.3 255.255.255.0
Router ospf 1
 network 0.0.0.0 255.255.255.255 area 0

Will the loopback interfaces pass along the OSPF traffic so that both router will know about vlans 2 and 3? I know that OSPF will use loopbacks as the router ID, but have not found anything conclusive about OSPF distribution. Thanks in advance!!

Chris Dumais, CCNP, CNA
Sr. Network Administrator
NSS Customer and Desktop Services Team
Maine Medical Center
(207)871-6940
[EMAIL PROTECTED]

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58939t=58890
Re: Hello (long response) [7:58824]
I brought these issues to my boss' attention last wednesday and on thursday he ordered me to 'clean' house. The first thing I did was to send pink slips to all 4 CCIEs in the group and told them that they are fired because they don't know anything other than RS. They were making $130k/year and sucking almost all of

So essentially, you started on 11/25 and after 8 days of work you were making 500k/year headcount reductions? Is wine coming out of the tap there yet or did you wake up? I don't disagree with your points and have never been one to judge an individual's quality on the basis of a vendor exam, but I think there are more credible ways to make this point.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58941t=58824
Re: Specific BGP Question [7:58428]
Hi Jim, Some thoughts inline.

On Tue, 2002-12-03 at 02:16, Jim Devane wrote:

Hello all, Long time lurker, first time poster. I have a router that is multi-homed between 16631 and 701. I have a new client who is buying transit from us. They are multi-homed to us and 1239. A business decision was made to policy route their traffic out 16631.

Sound fair. Likely cheaper than 701 I expect.

As a result I will only publish 16631 routes to them.

Can you elaborate on why you would do this? Also, do you send 0/0 to the customer?

However, if 16631 goes away, I want to be able to push the 701 routes to them.

Not sure why you are worried about sending both in the first place?

Injecting a default wouldn't be very effective here since 1239 will most likely have a more specific route! So Conditional Adv to the rescue. However..I have a few questions I am unsure about and I don't have a lab to try it out on. In this config:

router bgp
 nei New_Client remote-as Client_AS
 nei New_Client filter-list 4 in
 nei New_Client filter-list 3 out
ip as path access-list 3 permit .*
ip as-path access-list 4 permit ^Client_AS$

so far so good I want to add this...

 nei New_Client advertise-map MAP1 non-exist-map MAP2
route-map MAP1 permit 10
 match as-path 5
route-map MAP2 permit 10
 match as-path 6
ip as-path access-list 5 ^$ _16631_
ip as-path access-list 6 ^$ _701_

SO NOW THE QUESTIONS!!!

1) What is the order of operation for the advertisement out? Will the Filter-list showing all routes cancel any effect of the route-map?
2) Are the MAP1 and MAP2 route maps valid in this config because they use as-path? The config's I could find as example were based on Prefix. I made up the part about using the as-path, but it seems logical (boy, I wish I had a couple extra routers!)
3) Is there a better way to go about this!

Thanks in advance. And thanks to everybody who posts. I have taken away a lot from this mailing-list!

Jim

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58443t=58428
Re: Ccie is a rip off! [7:58458]
Sorry, are you flaming the Cisco test, or some book?

On Tue, 2002-12-03 at 12:11, W'WW(W WW wrote:

Someone should say this already: There is no expertise-checking in any ccie written exam! The ccie is a rip-off! 50% memory questions (like what vip version is eprom-value:01e00 and other shit.. I got the official exam certification guide I am a ccip/ccdp/ccnp and I never got so misled! this book from july 2002 (very new) and it says (page 4) the exam is 100 question + does not include the fddi and many more ... it is misleading in many areas + the question and cd-test is 80% less hard than the actual test and it tells you that they are harder! i paid the price for getting the book for an idea of the test and i got the wrong idea! i think that cisco is doing something very wrong with this The material are quite broad and you can ask many hard questions on the technologies But there are so many of them about how many slots in this..?, what version support that..?, what ip precedence number is flush.. that gets you thinking cisco is not concerned about checking your expertise but something completely different - that gets people like us talking about the exams like it is something to brag about!

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=58473t=58458
Re: OSPF E1 or E2 [7:58454]
Some thoughts below On Tue, 2002-12-03 at 13:26, p b wrote: Comments inline: Howard C. Berkowitz wrote: At 5:00 PM + 12/3/02, p b wrote: One of the cisco press books indicates one should use type 1 externals when the route is being advertised by 1 ASBR and type 2 externals when there's a single ASBR. This is just plain wrong. The reason you have E1 and E2 is to have different routing policies. E1 enforces a closest-exit policy which gives a degree of load sharing. E2 enforces a best-exit policy. For example, you might have one fast link to an ISP and one dial backup link, or a primary and a backup provider. In both cases, you want an E2 because you always want to go to a specific exit UNLESS there is a failure. See ACRC (Chappel), page 217. Under E1 explanation ...Use this packet type when you have multiple ASBRs advertising a route to the same AS Under E2 explanation ... use this packet type if only one router is advertising a route to the AS... I'd go with Howard on this one ;-) E1 metrics simply let routers find the closest exit from the AS (so long as the external side of the metrics are relatively consistent) Are there any issues if one uses type 1 external even when the route is being advertised by a single ASBR? It would seem useful, given the cost to the external is compatible with the costing used in the OSPF network, to use type 1 externals even if the route originates from a single ASBR. The benefit being able to get a meaningful cost value to the external. Why? If there's only one connection to the outside, does the internal cost really matter if you have to go there? Is there no benefit to knowing the cumulative cost? Is there a benefit to knowing an E2 cost which has no cost meaning within the OSPF AS?As mentioned, there is only a single ASBR advertising this route, but there may be many paths to this ABSR. So if there's no overhead with using a type 1 here, why not use it and get the cost information? 
The path to the ASBR, or forwarding address if it isn't 0.0.0.0, comes out of the routing table. Hence, the router already knows the best path to ASBR. Having it represented in OSPF simply changes the outcome of the route selection process when there are multiple entries for the same destination. In many cases, as Howard points out, you want all routers in the same AS to prefer ASBR1 over ASBR2 for the same destination. This is what routing policies are all about. In these cases, you simply set E2 metrics accordingly and accomplish your goal. Again, it's a matter of trying to figure out what you are trying to accomplish (what problem are you trying to solve) and picking the right tools to solve it. E1 and E2 are simply additional tools that can enable different routing strategies.

Are there any unexpected issues which might arise when doing this? Flooding of LSAs or SPF aren't impacted if a route is an E1 or E2, right?

Thanks
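The closest-exit and best-exit policies argued over in this thread, worked through as an added example that is not part of the original messages. Router names, ASBR names and all costs are constructed; the preference order (E1 before E2, E1 compared on internal plus external cost, E2 compared on external metric with internal cost as tie-break) follows RFC 2328 section 16.4.

```python
"""OSPF external route choice: E1 (closest exit) vs E2 (best exit).

Constructed example: router names, ASBR names and every cost are made up.
Preference order follows RFC 2328 section 16.4.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class External:
    asbr: str     # ASBR that originated the type 5 LSA
    metric: int   # external metric carried in the LSA
    mtype: int    # 1 = E1, 2 = E2


# Each router's intra-AS cost to each ASBR (what its routing table already holds).
COST_TO_ASBR = {
    "RA": {"ASBR1": 10, "ASBR2": 50},
    "RB": {"ASBR1": 50, "ASBR2": 10},
}


def rank(ext, internal):
    """Sort key for one candidate path; the lowest tuple wins."""
    if ext.mtype == 1:
        # E1: external metric is comparable to link cost, so the two are summed.
        return (1, ext.metric + internal, 0)
    # E2: the external metric decides; internal cost only breaks ties.
    return (2, ext.metric, internal)


def select_exit(router, externals):
    """Return (asbr, route_metric) the router installs for the prefix."""
    costs = COST_TO_ASBR[router]
    best = min(externals, key=lambda e: rank(e, costs[e.asbr]))
    metric = best.metric + (costs[best.asbr] if best.mtype == 1 else 0)
    return best.asbr, metric


def scenario(externals):
    """Exit chosen by every router for one set of advertisements."""
    return {r: select_exit(r, externals) for r in COST_TO_ASBR}


SCENARIOS = {
    "closest_exit": [External("ASBR1", 20, 1), External("ASBR2", 20, 1)],
    "primary_backup": [External("ASBR1", 20, 2), External("ASBR2", 200, 2)],
    "primary_failed": [External("ASBR2", 200, 2)],
    "single_asbr_e1": [External("ASBR1", 20, 1)],
    "single_asbr_e2": [External("ASBR1", 20, 2)],
    "mixed_types": [External("ASBR1", 500, 1), External("ASBR2", 20, 2)],
}

if __name__ == "__main__":
    for name, adverts in SCENARIOS.items():
        print(f"{name:15s} {scenario(adverts)}")
```

With a single ASBR the exit is the same for E1 and E2; only the installed metric differs (cumulative for E1, the bare external metric for E2).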
RE: RE: CCIE written [7:58400]
I've noticed however that the lab itself isn't booked heavily (I could be wrong) If the pool isn't full, turn on the hose and fill it up. Training down your qualification requirements accomplishes that as far as I see it.

On Tue, 2002-12-03 at 16:19, Bernard wrote:

Priscilla, more doable less scary refers to the same exam (new format) at different passing scores. I did not mean to compare the new format and the old format. The new CCIE written exam with 58% as the passing score is more doable less scary than the same new CCIE written exam with 70% as the passing score. Rgds, Bernard

This exam is much more doable now. It is not as scary as it used to be at 70%.

Isn't your logic backwards if you say that the exam is more doable and less scary now? To maintain the same ratio of passing people versus non-passing people, they reduced the passing score because the exam is harder to pass than it used to be. At least that is what I would assume, or am I confused? Priscilla
Re: OSPF ABR question [7:57990]
On Sun, 2002-12-01 at 12:18, p b wrote:

Peter van Oene wrote:

Non intra-area ASBRs are found via type 4 LSAs (ASBR Summary) which follow the same rules as type 3 summaries and thus prevent non zero areas from providing transit toward ASBRs (that is where the non zero area contains neither the source nor ASBR)

You're right. I went back and looked at my lab config. I had had a link configured as non-0 when I thought it was in area 0. Thus the incorrect conclusion regarding externals and non-0 areas for transit. It's interesting that OSPF will, apparently, always prefer an OSPF intra-area path over an inter-area path to a destination, even when the inter-area path is less cost. This has implications for certain area 0 topologies (ie a ring built from p2p links) and thus can result in sub-optimal paths for certain source routers and destinations.

A general concept in routing is to always prefer information from the most accurate source. In Link State routing, a given router always has the most accurate information about the area itself, and thus will always prefer information derived from there. This mechanism also prevents loops.

This would happen when a router, R, in area 0 is trying to reach a destination, D in a non-0 area, and there are two ABRs. ABR_1 and ABR_2 will install intra-area routes to the destination D. ABR_1 and ABR_2 will advertise into area 0 their costs to D via type 3 LSAs. Router R will compute its cost to D through ABR_1 and ABR_2. It might determine that ABR_2 is the preferred ABR through which R should route traffic to D. However, if the path between R and ABR_2 causes the traffic to go through ABR_1, traffic from R to D will enter the non-0 area at ABR_1 (since OSPF prefers intra-area paths over inter-area path, even if more expensive; ABR_1 thus installs the intra-area routes). Thus, traffic from R-D takes a sub-optimal path. Note this behavior has nothing to do with summarization.

Issues like these often occur in OSPF.
Pat Murphy, in his NSSA drafts, refers to this phenomenon as hijacking. It is good to keep in mind that this only produces sub-optimalities, not routing instabilities. However, all routing implementations can be prone to sub-optimal routing if you do not optimally design the topology. BGP confederations often suffer from this as the length of the AS-Confed-Sequence is not used in the BGP path selection algorithm.

Given the topology of area 0, little might be possible in avoiding the sub-optimal routing.

For ring topologies, I often mux the link between ABR_1 and ABR_2 to provide two logical links. If these are in a POP together, they likely run GigE or something similar in which case one can simply use 802.1q over the link and present an Area 0 link along with a non backbone link. This helps in the enterprise case where summarization is occurring, and also helps provide more optimal routing. The only cost is in IP addressing and a little more complexity. Should POS be in use, frame works well here in the same fashion.

However, R would know, when it computes its tree to D, that traffic will flow through ABR_1 to get to ABR_2. Looking at the cost to D from router R (via show ip route) it shows the cost as if the path enters the non-0 area at ABR_2. However, this isn't the path traffic will follow. Now, R has the information to make the determination that traffic will flow into the non-0 area at ABR_1. Why would R not show the cost to D via ABR_1 as this is the path that traffic takes?

Actually R doesn't have this information. The SPF algorithm is used within the area to find the minimal cost path to each node in the area. For an inter area destination, the already known cost to an ABR is summed with the cost provided in the LSA to create an Inter Area Cost (IAC) to the given destination, the least of which (assuming there are more than one for a given destination) is chosen and used for next-hop selection.
At no point does the router calculate an SPF to the inter-area destination specifically. It also doesn't look deeply at the composite nodes along a given path to determine whether or not they happen to be ABRs themselves, and certainly not ABRs which happen to provide transit to a particular area for which they might also be deriving IACs to in another process. Furthermore, they don't actually even know which areas a given ABR provides transit to as this information isn't relevant nor contained in a type3/4 LSA. As hopefully I've pointed out, there really isn't a way in OSPF to iron out all the potential for sub-optimality that a given topology might present. It is incumbent upon the designer to understand and architect around, or live with these issues.

Thanks

R2-ABR_1-R5-ABR_2-R3

The result with an ABR using non-zero summary information in its routing table is that some intra area0 traffic might
Re: OSPF ABR question [7:57990]
On Sat, 2002-11-30 at 12:52, p b wrote:

Thanks for the comments. Some thoughts below.

Peter van Oene wrote:

Went back and read through some of the relevant parts of the RFC. I believe there is no routing loop issue if an ABR was to consider summary LSAs received from non-zero areas. (where consider means install routes from these type 3s. consider, above, does not mean propagate the summary info into area 0). I believe this would maintain the DV properties of the OSPF two-level hierarchy because the ABR would not re-originate the information that was already re-originated at another ABR.

A subtle point here. Type 3 summaries, when sent inter area, are not flooded, but regenerated. The ABR generates them by looking at routes in the routing table. Hence, if the ABR put routes in the table from non backbone type 3's, those routes would be prone to readvertisement into the backbone.

Is the ABR behavior you describe (ABR looks in routing table to determine what to regenerate in the summary LSA) part of the spec or is this how a specific implementation works?

See 12.4.3 of 2328.

In fact, if the ABR did install routes based on the non-0 summary LSA information, better paths to destinations might be possible. However, since the ABR doesn't advertise these better paths (remember, no taking non-0 summary info and sending into area0) these better paths are not visible to the backbone area.

Can you give an example of this? If all ABRs send accurate summaries to the backbone, from the backbone's perspective, routing should be optimal. The only time it becomes less is when the ABR coalesces information

Here's an example topology. It's very simple and somewhat contrived, but illustrates the point. Note, link costs are shown on each link.

R2--1--ABR_1---100---ABR_2--1--R3   (area 0)
        | |            | |
        | |--1--R5--1--| |   (area 1)
        |                |
        R1               R4

R2, ABR_1, ABR_2 and R3 are in area 0
R1, ABR_1, ABR_2, R4 and R5 are in area 1

Now consider R2 sending packets to R3. R2 would compute the SPF across area 0.
R2 would expect the path to be R2-ABR_1-ABR_2-R3. However, assume ABR_1 considers the Summary LSAs it receives from ABR_2 and installs these into its routing table. ABR_1's cost to R3 would be less via area 1 than the 100 cost through area 0. Presumably, ABR_1 would instead install the path to R3 to go through area 1. So, traffic from R2, being sent to R3, would go: R2-ABR_1-R5-ABR_2-R3. So, if the ABR was to consider non-0 summaries, better paths to a destination might be possible.

Sure, but again, in sample topologies where this fit might work. However, you could solve the above problem by making area 5 an ABR. In your design, you have not optimally built your OSPF network and are looking to break the protocol to suit a sub-optimal design. Most of these issues are better solved with design than kludging up protocols.

Note, there's very interesting behavior here when externals are involved. Suppose R3 causes an external to be injected into OSPF. This external gets flooded through area 0 and area 1. ABR_1 will compute the shortest path to this external. If the cost through the non 0 area is better, ABR_1 does install the path to the external to go through area 1. What this means is that the spec apparently does allow non-0 areas to be transit for externals. Traffic from area 0's R2 going to an external hanging off of area 0's R3's transit area 1 (R5):

Non intra-area ASBRs are found via type 4 LSAs (ASBR Summary) which follow the same rules as type 3 summaries and thus prevent non zero areas from providing transit toward ASBRs (that is where the non zero area contains neither the source nor ASBR)

R2-ABR_1-R5-ABR_2-R3

The result with an ABR using non-zero summary information in its routing table is that some intra area0 traffic might unexpectedly transit a non-zero area. Unexpectedly here means that the area0 SPF would compute a path to the destination, and from the SPF perspective, traffic would remain on area0.
But when the traffic hit the ABR, it might forward the packets over the non-0 area as that's a better path towards the destination.

Ok, I'm losing you a bit here. Maybe an example would help. Forwarding decisions in OSPF are either source to destination, source to ABR, ABR to ABR, or ABR to destination. In all of these cases, the source and final or intermediary source shared an identical LSDB from which they will calculate similar SPF trees. Hence, there shouldn't be a case in a stable network where two nodes in the same area find a different best path through the area. In the Area 0 case, assuming the traffic is destined to a non-0 area, the ABRs simply forward that traffic
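Two points from this thread worked through as an added example, not part of the original messages: the cost comparison at ABR_1 on the sample topology drawn above, and the inter-area cost (IAC) calculation together with the "hijacking" case described in the [7:57990] message of 2002-12-01. The first topology uses the link costs given in the thread; the second topology (R, D and its costs) is constructed for illustration.

```python
"""Per-area SPF and inter-area cost (IAC) for the OSPF ABR discussion.

AREA0/AREA1 use the link costs from the thread's diagram. HJ_AREA0/HJ_AREA1
are a constructed topology showing the "hijacking" case.
"""
import heapq


def spf(links, root):
    """Dijkstra over one area's links; returns {node: (cost, path)}."""
    adj = {}
    for (a, b), cost in links.items():
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    done, heap = {}, [(0, root, [root])]
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node in done:
            continue
        done[node] = (cost, path)
        for nxt, c in adj.get(node, []):
            if nxt not in done:
                heapq.heappush(heap, (cost + c, nxt, path + [nxt]))
    return done


def inter_area_cost(area_links, router, summaries):
    """IAC per ABR: SPF cost to the ABR plus the cost in its type 3 LSA."""
    tree = spf(area_links, router)
    return {abr: tree[abr][0] + c for abr, c in summaries.items() if abr in tree}


AREA0 = {("R2", "ABR_1"): 1, ("ABR_1", "ABR_2"): 100, ("ABR_2", "R3"): 1}
AREA1 = {("ABR_1", "R5"): 1, ("R5", "ABR_2"): 1}


def abr1_to_r3():
    """ABR_1's candidate costs to R3 on the thread's topology."""
    intra = spf(AREA0, "ABR_1")["R3"][0]
    # What ABR_2 would advertise into area 1 for R3: its own area 0 cost.
    summary = {"ABR_2": spf(AREA0, "ABR_2")["R3"][0]}
    via_area1 = inter_area_cost(AREA1, "ABR_1", summary)["ABR_2"]
    # RFC 2328: an ABR only uses backbone summaries and prefers intra-area
    # paths, so the cheaper area 1 candidate is never installed.
    return {"intra_area0": intra, "via_area1_summary": via_area1,
            "installed": intra}


# Constructed: R reaches ABR_2 only through ABR_1; D is close to ABR_2.
HJ_AREA0 = {("R", "ABR_1"): 1, ("ABR_1", "ABR_2"): 1}
HJ_AREA1 = {("ABR_1", "D"): 10, ("ABR_2", "D"): 1}


def hijack():
    """Cost R installs for D versus the cost of the path traffic really takes."""
    summaries = {abr: spf(HJ_AREA1, abr)["D"][0] for abr in ("ABR_1", "ABR_2")}
    iac = inter_area_cost(HJ_AREA0, "R", summaries)
    chosen = min(iac, key=iac.get)
    tree = spf(HJ_AREA0, "R")
    # The first ABR on the way holds an intra-area route to D and uses it.
    entry = next(n for n in tree[chosen][1] if n in summaries)
    return {"chosen_abr": chosen, "shown_cost": iac[chosen],
            "entry_abr": entry, "actual_cost": tree[entry][0] + summaries[entry]}


if __name__ == "__main__":
    print(abr1_to_r3())
    print(hijack())
```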
Re: OSPF ABR question [7:57990]
an issue if the ABR behaved as described above.

Again, not in your simple topology as far as I can tell.

Thanks for the thoughts so far. Be interested in more feedback on the above analysis.

Peter van Oene wrote:

On Sun, 2002-11-24 at 21:56, p b wrote:

Consider this a question around the theory behind why OSPF did things a certain way. Somewhere along the way, Moy et al. decided that there was an issue with an ABR processing a summary LSA. Based on that, they decided to make a design decision in OSPF to not allow this behavior.

Intra area routing uses a distance vector methodology. Such mechanisms are prone to counting to infinity issues stemming from information feedback. Having a strict hierarchy prevents this.

Apparently the restriction on ABR's processing of summary LSA information is being relaxed. This relaxation is described in the ID. You are right, the ID is slightly different than the context of my question. In the ID, the ABR is not connected to area 0, whereas in my case, it is connected to area 0. But the concepts are similar-- there are times when an ABR should consider and use summary LSA information.

The concepts are not that similar in my opinion. The non backbone connected ABR will not be capable of feeding back routing information into the backbone so long as regular ABRs ignore his summaries. There are valid designs that support this requirement. However, I do not see any valid reason to intentionally fragment one's OSPF backbone. What problem does your topology solve?

I'm not sure I understand your comment about adjacencies. ABR_1 does receive the summary LSAs from ABR_2 and stores these routes from these summaries in its LSDB for area 1. So this isn't an adjacency issue. So, still looking for an answer to the question. Why is it that an ABR can not use the information it receives in a summary LSA as part of the route selection process? There must be a reason why the spec indicates this is not allowed, and thus I'm looking for this reason.
Doing so would create the potential for routing loops, particularly when two ABRs sit within the same area. In equal cost situations, there are no additional bits to designate whether a summary has passed through the backbone or not (like the ISIS up/down bit for example). The ID you refer to introduces this type of functionality for the non backbone connected ABR.

Regarding the M$ comment. It really surprises me how often folks will cookie-cutter a design based on what was presented in the last book they skimmed and not try to understand a topic beyond what's needed to pass an exam. Just looking for some outside of the box thinking...

The Long and Winding Road wrote:

p b wrote in message news:[EMAIL PROTECTED]...

Thanks. But this doesn't really answer my question. I realize that area 0 is partitioned. I'm not looking for an answer to is there a rule that prevents this, but instead, what breaks if ABR_1 were to consider routes learned via a non-area-0 summary LSA in its computation of its routing table?

CL: sorry to be inflexible on this, but in my mind what you are asking is why doesn't OSPF behave in a way that it is not supposed to behave?

Note, I'm also not asking why ABR_1 should not flood ABR_2's summary LSAs into ABR_1's area 0. So back to the scenario: all routers in area 1, including ABR_1, receive summary LSAs from ABR_2 which contain the routes from ABR_2's area 0.

CL: no - because no adjacency can be formed between area 1 and area 2 routers. all adjacencies have to be formed between an area's ABR, which is connected to area zero. this changes if you either 1) unpartition area 0, with a tunnel or a virtual link or 2) set up a virtual link across either area 1 or area 2, ( which is probably the same as # 1 )

CL: you have an adjacency between area 1 and the area 0 it connects to, and area 2 and the area 0 it connects to. you do not get an adjacency between the area 1 and the area 2 routers.
All non-ABR routers in area 1 will process the information injected by ABR_2's summary LSAs. These routers will install these routes into their routing table. These non-ABR routers will not realize there is an area 0 partition and will have reachability into both. (I've not tested this, but believe this to be true.) Since ABR_1 is an ABR with a backbone connection, it's not allowed to:

- forward information from ABR_2's summary LSAs into its area 0.
- consider any routes found in ABR_2's summary LSAs as candidates for insertion
Re: Spanning tree loop [7:58099]
At 10:41 PM 11/26/2002 +, Larry Letterman wrote:

switch A and B won't talk to each other or cause a loop because you have switch B isolated. STP in your case is set for 3 instances : STP for Vlan 1, Vlan 7 and Vlan 8. A loop would be present if switch B were set for Vlan 7 on both links and STP did not block one of the ports.

I'm curious here. Given Switch A and B don't emit tagged frames, traffic should flow freely despite A and B's disagreement on VLAN ID. I am not very familiar with Per VLAN STP encoding however. Are the BPDUs modified to carry a VLAN identifier? This would seem superfluous to me and I'd wonder where it would be needed. My take on 802.1q PVST+ is that only the common STP BPDUs are sent untagged and all other BPDUs are sent tagged with their appropriate VLAN making them easy to disambiguate.

pauldongso wrote:

Hi All, Please advise how STP participates in the following scenario and why STP fails to stop the loop?

 ------------
 | switch A |
 ------------
  |(vlan 7)  |(vlan 8)
  |          |
  |          |
  |(vlan 1)  |(vlan 1)
 ------------
 | switch B |
 ------------
      |
      |
 vlan 1 hosts

In short, switch A has two ports configured with vlan 7, vlan 8 respectively. Switch B all ports are at default vlan 1. links between swA and swB are access mode. This scenario creates bridging loop. But just can't figure out why STP fails to stop loop.

Thanks in advance. Paul
Re: Spanning tree loop [7:58099]
On Tue, 2002-11-26 at 23:16, Larry Letterman wrote:

Hi Peter, In a simpler analogy. vlan 7 would be a separate switch with a connection to the vlan 1 switch... vlan 8 would be a separate switch with a connection to the vlan 1 switch.. no loop exist between any part of the 3 networks. vlan 7 and 8 are isolated from each other. So stp sees no loops between vlan 1 and either of the other vlans. if the switches are capable, do a show spantree summ, and see what it replies with

Thanks. I'm pretty cool with the concept of vlans. My brain immediately went to the more interesting question of non native VLAN PVST in this case as should have been more evident from my questions. Assuming switch A was entirely VLAN 7 and switch B entirely 8 for example. This would be more interesting. Untagged traffic would flow freely, yet STP likely wouldn't catch loops were it encoded with VLAN IDs.

Peter van Oene wrote:

At 10:41 PM 11/26/2002 +, Larry Letterman wrote:

switch A and B won't talk to each other or cause a loop because you have switch B isolated. STP in your case is set for 3 instances : STP for Vlan 1, Vlan 7 and Vlan 8. A loop would be present if switch B were set for Vlan 7 on both links and STP did not block one of the ports.

I'm curious here. Given Switch A and B don't emit tagged frames, traffic should flow freely despite A and B's disagreement on VLAN ID. I am not very familiar with Per VLAN STP encoding however. Are the BPDUs modified to carry a VLAN identifier? This would seem superfluous to me and I'd wonder where it would be needed. My take on 802.1q PVST+ is that only the common STP BPDUs are sent untagged and all other BPDUs are sent tagged with their appropriate VLAN making them easy to disambiguate.

pauldongso wrote:

Hi All, Please advise how STP participates in the following scenario and why STP fails to stop the loop?
 ------------
 | switch A |
 ------------
  |(vlan 7)  |(vlan 8)
  |          |
  |          |
  |(vlan 1)  |(vlan 1)
 ------------
 | switch B |
 ------------
      |
      |
 vlan 1 hosts

In short, switch A has two ports configured with vlan 7, vlan 8 respectively. Switch B all ports are at default vlan 1. links between swA and swB are access mode. This scenario creates bridging loop. But just can't figure out why STP fails to stop loop.

Thanks in advance. Paul